help:c'est que cet erreur

Twitter iPhone pliant OnePlus 11 PS5 Disney+ Orange Livebox Windows 11

Entraide Windows Windows NT Discussions Générales help:c'est que cet erreur

1 réponse

Adriana

08/04/2004 à 15:44

Une exception d'application s'est produite :
App : EXPLORER.dbg (pid=3D494)
Quand : 4/8/2004 @ 15:30:10.453
Num=E9ro d'exception : 006d007f=20
()

*----> Informations syst=E8me <----*
Nom ordinateur : SRV_SYBASE
Nom utilisateur : wlk
Nombre de processeurs : 2
Type de processeur : x86 Family 6 Model 8 Stepping=20
6
Version Windows : 4.0
Num=E9ro actuel : 1381
Service Pack : 5
Type actuel : Multiprocessor Free
Organisation enregistr=E9e : mpf
Propri=E9taire enregistr=E9 : srv_sybase

*----> Liste des t=E2ches <----*
0 Idle.exe
2 System.exe
28 SMSS.exe
42 CSRSS.exe
32 WINLOGON.exe
48 SERVICES.exe
51 LSASS.exe
75 SPOOLSS.exe
93 ASDscSvc.exe
82 Ntagent.exe
97 defwatch.exe
104 llssrv.exe
107 rtvscan.exe
125 RPCSS.exe
128 r_server.exe
136 ATSVC.exe
141 bcksrvr.exe
147 histsrvr.exe
151 sqlsrvr.exe
208 afaagent.exe
215 PSTORES.exe
130 LOCATOR.exe
67 NDDEAGNT.exe
264 PROMon.exe
271 vptray.exe
494 explorer.exe
618 DRWTSN32.exe
0 _Total.exe

(00400000 - 0042e000) EXPLORER.dbg
(77f70000 - 77fd0000) dll\ntdll.dbg
(77dc0000 - 77dff000) dll\advapi32.dbg
(77f00000 - 77f61000) dll\kernel32.dbg
(77e70000 - 77ec4000) dll\user32.dbg
(77ed0000 - 77efc000) dll\gdi32.dbg
(77e10000 - 77e67000) dll\rpcrt4.dbg
(70bd0000 - 70c14000) SHLWAPI.dbg
(71700000 - 7178a000) COMCTL32.dbg
(70960000 - 70b0c000) SHELL32.dbg
(70730000 - 70947000) SHDOCVW.dbg
(77b20000 - 77bd6000) dll\ole32.dbg
(77bf0000 - 77bf7000) dll\rpcltc1.dbg
(70300000 - 70359000) WEBCHECK.dbg
(77780000 - 77786000) dll\msidle.dbg
(1a400000 - 1a430000) urlmon.dbg
(63000000 - 6304d000) wininet.dbg
(77a40000 - 77a4d000) dll\ntshrui.dbg
(78000000 - 78040000)=20
(72240000 - 7227a000) dll\netapi32.dbg
(77830000 - 77839000) dll\NetRap.dbg
(72280000 - 7228d000) dll\samlib.dbg

Etat de vidage Thread Id 0x193

eax=3D00000001 ebx=3D00000001 ecx=3D00087d70 edx=3Dffffffff=20
esi=3D00087d70 edi=3D00000000
eip=3D7074e70e esp=3D0006fc98 ebp=3D0006fcb4 iopl=3D0 nv=20
up ei pl zr na po nc
cs=3D001b ss=3D0023 ds=3D0023 es=3D0023 fs=3D0038 =20
gs=3D0000 efl=3D00010246

fonction : DllGetClassObject
7074e6ef 7d5c jge =20
DllGetClassObject+0x1ac (7074e74d)
7074e6f1 54 push esp
7074e6f2 7970 jns =20
DllGetClassObject+0x1c3 (7074e764)
7074e6f4 656c insb
7074e6f6 696200e83d90fe imul esp,
[edx],0xfe903de8 ds:3bc6ea05=3D????????
7074e6fd ff6a01 jmp fword ptr=20
[edx+0x1] ds:3bc6ea05=3D????????????
7074e700 58 pop eax
7074e701 c20400 ret 0x4
7074e704 836c240430 sub dword ptr=20
[esp+0x4],0x30 ss:3bcde69f=3D????????
7074e709 e97c81feff jmp =20
Ordinal159+0x2083 (7073688a)
7074e70e 55 push ebp
7074e70f 8bec mov ebp,esp
7074e711 83ec1c sub esp,0x1c
7074e714 56 push esi
7074e715 6a01 push 0x1
7074e717 6a00 push 0x0
7074e719 6a00 push 0x0
7074e71b 8d45e4 lea eax,[ebp-
0x1c] ss:3bcde6ba=3D????????
7074e71e 6a00 push 0x0
7074e720 8bf1 mov esi,ecx
7074e722 50 push eax
7074e723=20
ff1548187370 =20
ds:70731848=3D77e71ade
call dword ptr=20
[Ordinal145+0x1848 (70731848)]

*----> Parcours arri=E8re de la pile <----*

FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 =20
Function Name
0006fc94 70774f29 00000000 00087d70 00000001 77f1ced8=20
SHDOCVW!DllGetClassObject=20
0006fcb4 7077497a 00000000 00000000 00408215 00087d70=20
SHDOCVW!Ordinal120=20
0006ff60 00404849 00400000 00000000 0002062c 00000005=20
SHDOCVW!Ordinal120=20
0006ffc0 77f1ba06 00000000 00000000 7ffdf000 7ffdf000=20
EXPLORER!<nosymbols>=20
0006fff0 00000000 004047d0 00000000 000000b0 00000100=20
kernel32!GetProcessPriorityBoost=20
00000000 00000000 00000000 00000000 00000000 00000000=20
EXPLORER!<nosymbols>=20

*----> Vidage brut de la pile <----*
0006fc98 29 4f 77 70 00 00 00 00 - 70 7d 08 00 01 00 00=20
00 )Owp....p}......
0006fca8 d8 ce f1 77 70 7d 08 00 - 70 7d 08 00 60 ff 06=20
00 ...wp}..p}..`...
0006fcb8 7a 49 77 70 00 00 00 00 - 00 00 00 00 15 82 40=20
00 zIwp..........@.
0006fcc8 70 7d 08 00 06 4b 40 00 - 70 7d 08 00 00 00 00=20
00 p}...K@.p}......
0006fcd8 2c 06 02 00 00 f0 fd 7f - b8 00 00 00 88 fe 06=20
00 ,...............
0006fce8 14 fd 06 00 88 fe 06 00 - 18 00 fd 7f e8 fd 06=20
00 ................
0006fcf8 a8 f5 f8 77 e8 fd 06 00 - fa 05 02 00 18 00 00=20
00 ...w............
0006fd08 a0 fe 06 00 00 e0 fd 7f - 00 00 00 00 69 a0 f7=20
77 ............i..w
0006fd18 9c fe 06 00 00 00 00 80 - 70 fe 06 00 00 e0 fd=20
7f ........p.......
0006fd28 00 f0 fd 7f 00 00 00 00 - 5c 00 52 00 65 00 67=20
00 ........\.R.e.g.
0006fd38 69 00 73 00 74 00 72 00 - 79 00 5c 00 4d 00 61=20
00 i.s.t.r.y.\.M.a.
0006fd48 63 00 68 00 69 00 6e 00 - 65 00 5c 00 53 00 6f=20
00 c.h.i.n.e.\.S.o.
0006fd58 66 00 74 00 77 00 61 00 - 72 00 65 00 5c 00 4d=20
00 f.t.w.a.r.e.\.M.
0006fd68 69 00 63 00 72 00 6f 00 - 73 00 6f 00 66 00 74=20
00 i.c.r.o.s.o.f.t.
0006fd78 5c 00 57 00 69 00 6e 00 - 64 00 6f 00 77 00 73=20
00 \.W.i.n.d.o.w.s.
0006fd88 20 00 4e 00 54 00 5c 00 - 43 00 75 00 72 00 72=20
00 .N.T.\.C.u.r.r.
0006fd98 65 00 6e 00 74 00 56 00 - 52 03 01 00 3f 00 3f=20
00 e.n.t.V.R...?.?.
0006fda8 3f 00 3f 00 00 00 00 00 - 00 00 00 00 00 00 00=20
00 ?.?.............
0006fdb8 00 00 46 00 1c 10 fc 7f - 22 14 fc 7f 1e 14 fc=20
7f ..F.....".......
0006fdc8 00 00 00 00 e4 04 01 00 - 3f 00 3f 00 3f 00 3f=20
00 ........?.?.?.?.

Etat de vidage Thread Id 0x284

eax=3D007ffebc ebx=3D00000000 ecx=3D00000001 edx=3Dffffffff=20
esi=3D77e759d6 edi=3D00000003
eip=3D70965526 esp=3D007ffe7c ebp=3D00000284 iopl=3D0 nv=20
up ei pl zr na po nc
cs=3D001b ss=3D0023 ds=3D0023 es=3D0023 fs=3D0038 =20
gs=3D0000 efl=3D00010246

fonction : Ordinal21
70965509 00ff add bh,bh
7096550b 7424 jz Ordinal21+0x435=20
(70965531)
7096550d 108b442408ff adc =20
[ebx+0xff082444],cl ds:ff082444=3D??
70965513 7424 jz Ordinal21+0x43d=20
(70965539)
70965515 108b4008ff74 adc =20
[ebx+0x74ff0840],cl ds:74ff0840=3D??
7096551b 2410 and al,0x10
7096551d 8b08 mov ecx,
[eax] ds:007ffebc=3D000000b4
7096551f 50 push eax
70965520 ff511c call dword ptr=20
[ecx+0x1c] ds:3bc6ea07=3D????????
70965523 c21000 ret 0x10
70965526 55 push ebp
70965527 8bec mov ebp,esp
70965529 81ec10020000 sub esp,0x210
7096552f 57 push edi
70965530 33ff xor edi,edi
70965532 393d6c61a070 cmp =20
[70a0616c],edi ds:70a0616c=3D000873d8
70965538 897dfc mov [ebp-
0x4],edi ss:3bc6ec8a=3D????????
7096553b 7451 jz Ordinal21+0x492=20
(7096558e)
7096553d e89cdeffff call Ordinal128+0x33f=20
(709633de)
70965542 a16c61a070 mov eax,
[70a0616c] ds:70a0616c=3D000873d8
70965547 8b00 mov eax,
[eax] ds:007ffebc=3D000000b4
70965549 3bc7 cmp eax,edi

*----> Parcours arri=E8re de la pile <----*

FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 =20
Function Name
007ffe78 7097705a 007ffebc 77f9e4f1 00070000 007fffec=20
SHELL32!Ordinal21=20
00000284 00000000 00000000 00000000 00000000 00000000=20
SHELL32!SHGetDesktopFolder=20

Etat de vidage Thread Id 0x211

eax=3D0008c090 ebx=3D00000000 ecx=3D0008c090 edx=3D00000000=20
esi=3D00083508 edi=3D00083530
eip=3D77f77f67 esp=3D0083fdf0 ebp=3D0083ff90 iopl=3D0 nv=20
up ei pl nz na po nc
cs=3D001b ss=3D0023 ds=3D0023 es=3D0023 fs=3D0038 =20
gs=3D0000 efl=3D00000206

fonction : ZwReplyWaitReceivePort
77f77f5c b890000000 mov eax,0x90
77f77f61 8d542404 lea edx,
[esp+0x4] ss:3c4ae7f7=3D????????
77f77f65 cd2e int 2e
77f77f67 c21000 ret 0x10
77f77f6a 8bc0 mov eax,eax

*----> Parcours arri=E8re de la pile <----*

FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 =20
Function Name
0083ff90 77e15fa2 77e16821 00083508 0083ffec 0006f952=20
ntdll!ZwReplyWaitReceivePort=20
00003a98 00000000 00000000 00000000 00000000 00000000=20
rpcrt4!NdrVaryingArrayFree=20

Etat de vidage Thread Id 0x132

eax=3D0087fe54 ebx=3D00000000 ecx=3Dffffffff edx=3D0087fef8=20
esi=3D0087fe6c edi=3D1a400000
eip=3D77f1d493 esp=3D0087fe50 ebp=3D0087fea4 iopl=3D0 nv=20
up ei pl zr na po nc
cs=3D001b ss=3D0023 ds=3D0023 es=3D0023 fs=3D0038 =20
gs=3D0000 efl=3D00000246

fonction : RaiseException
77f1d476 83c604 add esi,0x4
77f1d479 8bc1 mov eax,ecx
77f1d47b 49 dec ecx
77f1d47c 85c0 test eax,eax
77f1d47e 75ef jnz =20
RaiseException+0x46 (77f1d46f)
77f1d480 eb07 jmp =20
RaiseException+0x60 (77f1d489)
77f1d482 c745c000000000 mov dword ptr [ebp-
0x40],0x0 ss:3c4ee8aa=3D????????
77f1d489 8d45b0 lea eax,[ebp-
0x50] ss:3c4ee8aa=3D????????
77f1d48c 50 push eax
77f1d48d=20
ff15b4c3f377 =20
ds:77f3c3b4=3D77f98f6c
call dword ptr=20
[GetDateFormatW+0x4d9f (77f3c3b4)]
FAUTE ->77f1d493 5e pop esi
77f1d494 8be5 mov esp,ebp
77f1d496 5d pop ebp
77f1d497 c21000 ret 0x10

*----> Parcours arri=E8re de la pile <----*

FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 =20
Function Name
0087fea4 70302799 006d007f 00000000 00000001 0087fef4=20
kernel32!RaiseException=20
0087feec 70324bfa 0087fec8 7032a664 ffffffff 00000601=20
WEBCHECK!DllGetClassObject=20
00000001 00000000 00000000 00000000 00000000 00000000=20
WEBCHECK!<nosymbols>=20

*----> Vidage brut de la pile <----*
0087fe50 c0 76 32 70 7f 00 6d 00 - 00 00 00 00 00 00 00=20
00 .v2p..m.........
0087fe60 93 d4 f1 77 01 00 00 00 - c8 fe 87 00 84 fe 87=20
00 ...w............
0087fe70 00 00 40 1a 00 00 32 70 - 00 00 00 00 5c 8c f9=20
77 ..@...2p....\..w
0087fe80 39 01 00 c0 ac fe 87 00 - 75 17 f0 77 7f 00 00=20
00 9.......u..w....
0087fe90 00 00 32 70 17 40 f1 77 - 39 01 00 c0 c0 76 32=20
70 ..2p.@.w9....v2p
0087fea0 17 00 18 00 ec fe 87 00 - 99 27 30 70 7f 00 6d=20
00 .........'0p..m.
0087feb0 00 00 00 00 01 00 00 00 - f4 fe 87 00 d5 11 2d=20
05 ..............-.
0087fec0 00 00 00 00 01 00 00 00 - 24 00 00 00 c0 76 32=20
70 ........$....v2p
0087fed0 64 a6 32 70 e0 74 32 70 - 01 00 00 00 8c 7e 32=20
70 d.2p.t2p.....~2p
0087fee0 00 00 40 1a 00 00 00 00 - 7f 00 00 00 01 00 00=20
00 ..@.............
0087fef0 fa 4b 32 70 c8 fe 87 00 - 64 a6 32 70 ff ff ff=20
ff .K2p....d.2p....
0087ff00 01 06 00 00 c7 43 32 70 - 40 74 32 70 00 70 32=20
70 .....C2p@t2p.p2p
0087ff10 00 00 00 00 00 00 00 00 - 1c 12 78 77 01 00 00=20
00 ..........xw....
0087ff20 00 00 00 00 68 ff 87 00 - 84 ff 87 00 97 11 78=20
77 ....h.........xw
0087ff30 5c 18 e7 77 00 00 00 00 - 13 01 00 00 b0 77 00=20
00 \..w.........w..
0087ff40 c5 d8 2f 05 84 ff 87 00 - 00 00 00 00 a4 fc 06=20
00 ../.............
0087ff50 88 fc 06 00 d3 59 e7 77 - 68 ff 87 00 00 00 00=20
00 .....Y.wh.......
0087ff60 3f 7d 40 00 68 ff 87 00 - 00 00 00 00 13 01 00=20
00 ?}@.h...........
0087ff70 b0 77 00 00 97 11 78 77 - c5 d8 2f 05 e0 03 00=20
00 .w....xw../.....
0087ff80 09 00 00 00 b8 ff 87 00 - ea 7c 40 00 f7 71 bd=20
70 .........|@..q.p

Etat de vidage Thread Id 0x137

eax=3D0000008c ebx=3D0095fe04 ecx=3D0095fe24 edx=3D00000000=20
esi=3D7ffdf000 edi=3D00000001
eip=3D77f7828b esp=3D0095fde0 ebp=3D0095fe34 iopl=3D0 nv=20
up ei pl nz ac pe cy
cs=3D001b ss=3D0023 ds=3D0023 es=3D0023 fs=3D0038 =20
gs=3D0000 efl=3D00000213

fonction : NtWaitForMultipleObjects
77f78280 b8c4000000 mov eax,0xc4
77f78285 8d542404 lea edx,
[esp+0x4] ss:3c5ce7e7=3D????????
77f78289 cd2e int 2e
77f7828b c21400 ret 0x14
77f7828e 8bc0 mov eax,eax

*----> Parcours arri=E8re de la pile <----*

FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 =20
Function Name
0095fe34 77f1cd92 00000002 0095ff88 00000000 000dbba0=20
ntdll!NtWaitForMultipleObjects=20
0095fe50 6300f7c6 00000002 0095ff88 00000000 000dbba0=20
kernel32!WaitForMultipleObjects=20
0095ffb8 77f04ee8 00000000 00000068 0087f120 00000000=20
wininet!FindCloseUrlCache=20
0095ffec 00000000 00000000 00000000 00000000 00000000=20
kernel32!lstrcmpiW=20
00000000 00000000 00000000 00000000 00000000 00000000=20
EXPLORER!<nosymbols>=20

Etat de vidage Thread Id 0x1ae

eax=3D0000001c ebx=3D009eff3c ecx=3D009eff6c edx=3D00000000=20
esi=3D7ffdf000 edi=3D00000001
eip=3D77f7828b esp=3D009eff18 ebp=3D009eff6c iopl=3D0 nv=20
up ei pl nz ac pe cy
cs=3D001b ss=3D0023 ds=3D0023 es=3D0023 fs=3D0038 =20
gs=3D0000 efl=3D00000213

fonction : NtWaitForMultipleObjects
77f78280 b8c4000000 mov eax,0xc4
77f78285 8d542404 lea edx,
[esp+0x4] ss:3c65e91f=3D????????
77f78289 cd2e int 2e
77f7828b c21400 ret 0x14
77f7828e 8bc0 mov eax,eax

*----> Parcours arri=E8re de la pile <----*

FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 =20
Function Name
009eff6c 77f1cd92 00000003 009effac 00000000 ffffffff=20
ntdll!NtWaitForMultipleObjects=20
009eff88 70302215 00000003 009effac 00000000 ffffffff=20
kernel32!WaitForMultipleObjects=20
009effb8 77f04ee8 00000000 0087fb68 00f9882f 00000000=20
WEBCHECK!DllGetClassObject=20
009effec 00000000 7030218d 00000000 00000000 00000000=20
kernel32!lstrcmpiW=20
00000000 00000000 00000000 00000000 00000000 00000000=20
EXPLORER!<nosymbols>=20

*----> Vidage brut de la pile <----*
009eff18 85 ce f1 77 03 00 00 00 - 3c ff 9e 00 01 00 00=20
00 ...w....<.......
009eff28 00 00 00 00 00 00 00 00 - 00 00 00 00 02 00 00=20
00 ................
009eff38 01 00 00 00 24 01 00 00 - 28 01 00 00 38 01 00=20
00 ....$...(...8...
009eff48 58 ff 9e 00 80 00 00 00 - 00 00 00 00 00 00 00=20
00 X...............
009eff58 1e 00 20 00 00 8c fd 7f - 28 01 00 00 00 00 00=20
00 .. .....(.......
009eff68 00 00 00 00 88 ff 9e 00 - 92 cd f1 77 03 00 00=20
00 ...........w....
009eff78 ac ff 9e 00 00 00 00 00 - ff ff ff ff 00 00 00=20
00 ................
009eff88 b8 ff 9e 00 15 22 30 70 - 03 00 00 00 ac ff 9e=20
00 ....."0p........
009eff98 00 00 00 00 ff ff ff ff - 68 fb 87 00 2f 88 f9=20
00 ........h.../...
009effa8 00 00 00 00 24 01 00 00 - 28 01 00 00 38 01 00=20
00 ....$...(...8...
009effb8 ec ff 9e 00 e8 4e f0 77 - 00 00 00 00 68 fb 87=20
00 .....N.w....h...
009effc8 2f 88 f9 00 00 00 00 00 - 2f 88 f9 00 c4 ff 9e=20
00 /......./.......
009effd8 b6 bd f7 77 ff ff ff ff - 44 b7 f3 77 38 d2 f3=20
77 ...w....D..w8..w
009effe8 00 00 00 00 00 00 00 00 - 00 00 00 00 8d 21 30=20
70 .............!0p
009efff8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00=20
00 ................
009f0008 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00=20
00 ................
009f0018 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00=20
00 ................
009f0028 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00=20
00 ................
009f0038 00 00 00 00 04 05 25 04 - 04 00 00 00 00 00 00=20
00 ......%.........
009f0048 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00=20
05 ................

Etat de vidage Thread Id 0x573

eax=3D00000000 ebx=3D00000000 ecx=3D000855c8 edx=3D00000000=20
esi=3D00083508 edi=3D00096798
eip=3D77f77f67 esp=3D00dcfdf0 ebp=3D00dcff90 iopl=3D0 nv=20
up ei pl nz na pe nc
cs=3D001b ss=3D0023 ds=3D0023 es=3D0023 fs=3D0038 =20
gs=3D0000 efl=3D00000202

fonction : ZwReplyWaitReceivePort
77f77f5c b890000000 mov eax,0x90
77f77f61 8d542404 lea edx,
[esp+0x4] ss:3ca3e7f7=3D????????
77f77f65 cd2e int 2e
77f77f67 c21000 ret 0x10
77f77f6a 8bc0 mov eax,eax

*----> Parcours arri=E8re de la pile <----*

FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 =20
Function Name
00dcff90 77e15fa2 77e16821 00083508 00dcffec 00000000=20
ntdll!ZwReplyWaitReceivePort=20
00003a98 00000000 00000000 00000000 00000000 00000000=20
rpcrt4!NdrVaryingArrayFree=20

Une exception d'application s'est produite :
App : EXPLORER.dbg (pid=3D507)
Quand : 4/8/2004 @ 15:30:58.937
Num=E9ro d'exception : c0000005 (violation d'acc=E8s)

*----> Informations syst=E8me <----*
Nom ordinateur : SRV_SYBASE
Nom utilisateur : wlk
Nombre de processeurs : 2
Type de processeur : x86 Family 6 Model 8 Stepping=20
6
Version Windows : 4.0
Num=E9ro actuel : 1381
Service Pack : 5
Type actuel : Multiprocessor Free
Organisation enregistr=E9e : mpf
Propri=E9taire enregistr=E9 : srv_sybase

*----> Liste des t=E2ches <----*
0 Idle.exe
2 System.exe
28 SMSS.exe
42 CSRSS.exe
32 WINLOGON.exe
48 SERVICES.exe
51 LSASS.exe
75 SPOOLSS.exe
93 ASDscSvc.exe
82 Ntagent.exe
97 defwatch.exe
104 llssrv.exe
107 rtvscan.exe
125 RPCSS.exe
128 r_server.exe
136 ATSVC.exe
141 bcksrvr.exe
147 histsrvr.exe
151 sqlsrvr.exe
208 afaagent.exe
215 PSTORES.exe
130 LOCATOR.exe
67 NDDEAGNT.exe
264 PROMon.exe
271 vptray.exe
507 explorer.exe
1375 DRWTSN32.exe
0 _Total.exe

(00400000 - 0042e000) EXPLORER.dbg
(77f70000 - 77fd0000) dll\ntdll.dbg
(77dc0000 - 77dff000) dll\advapi32.dbg
(77f00000 - 77f61000) dll\kernel32.dbg
(77e70000 - 77ec4000) dll\user32.dbg
(77ed0000 - 77efc000) dll\gdi32.dbg
(77e10000 - 77e67000) dll\rpcrt4.dbg
(70bd0000 - 70c14000) SHLWAPI.dbg
(71700000 - 7178a000) COMCTL32.dbg
(70960000 - 70b0c000) SHELL32.dbg
(70730000 - 70947000) SHDOCVW.dbg
(77b20000 - 77bd6000) dll\ole32.dbg
(77bf0000 - 77bf7000) dll\rpcltc1.dbg
(77a40000 - 77a4d000) dll\ntshrui.dbg
(78000000 - 78040000)=20
(72240000 - 7227a000) dll\netapi32.dbg
(77830000 - 77839000) dll\NetRap.dbg
(72280000 - 7228d000) dll\samlib.dbg
(70300000 - 70359000) WEBCHECK.dbg
(77780000 - 77786000) dll\msidle.dbg
(1a400000 - 1a430000) urlmon.dbg
(63000000 - 6304d000) wininet.dbg

Etat de vidage Thread Id 0x17d

eax=3D00000000 ebx=3D00000001 ecx=3D00000401 edx=3D00000000=20
esi=3D00087f28 edi=3D00000000
eip=3D77e72ada esp=3D0006fc98 ebp=3D0006fcb4 iopl=3D0 nv=20
up ei pl zr na po nc
cs=3D001b ss=3D0023 ds=3D0023 es=3D0023 fs=3D0038 =20
gs=3D0000 efl=3D00000246

fonction : WaitMessage
77e72acf b806120000 mov eax,0x1206
77e72ad4 8d542404 lea edx,
[esp+0x4] ss:3bcde69f=3D????????
77e72ad8 cd2e int 2e
77e72ada c3 ret

*----> Parcours arri=E8re de la pile <----*

FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 =20
Function Name
0006fcb4 7077497a 00000000 00000000 00408215 00087f28=20
user32!WaitMessage=20
0006ff60 00404849 000001fb 00000000 0002062c 00000005=20
SHDOCVW!Ordinal120=20
0006ffc0 77f1ba06 00000000 00000000 7ffdf000 7ffdf000=20
EXPLORER!<nosymbols>=20
0006fff0 00000000 004047d0 00000000 000000b0 00000100=20
kernel32!GetProcessPriorityBoost=20
00000000 00000000 00000000 00000000 00000000 00000000=20
EXPLORER!<nosymbols>=20

*----> Vidage brut de la pile <----*
0006fc98 21 4f 77 70 00 00 00 00 - 28 7f 08 00 01 00 00=20
00 !Owp....(.......
0006fca8 d8 ce f1 77 28 7f 08 00 - 28 7f 08 00 60 ff 06=20
00 ...w(...(...`...
0006fcb8 7a 49 77 70 00 00 00 00 - 00 00 00 00 15 82 40=20
00 zIwp..........@.
0006fcc8 28 7f 08 00 06 4b 40 00 - 28 7f 08 00 00 00 00=20
00 (....K@.(.......
0006fcd8 2c 06 02 00 00 f0 fd 7f - b8 00 00 00 88 fe 06=20
00 ,...............
0006fce8 14 fd 06 00 88 fe 06 00 - 18 00 fd 7f e8 fd 06=20
00 ................
0006fcf8 a8 f5 f8 77 e8 fd 06 00 - fa 05 02 00 18 00 00=20
00 ...w............
0006fd08 a0 fe 06 00 00 e0 fd 7f - 00 00 00 00 69 a0 f7=20
77 ............i..w
0006fd18 9c fe 06 00 00 00 00 80 - 70 fe 06 00 00 e0 fd=20
7f ........p.......
0006fd28 00 f0 fd 7f 00 00 00 00 - 5c 00 52 00 65 00 67=20
00 ........\.R.e.g.
0006fd38 69 00 73 00 74 00 72 00 - 79 00 5c 00 4d 00 61=20
00 i.s.t.r.y.\.M.a.
0006fd48 63 00 68 00 69 00 6e 00 - 65 00 5c 00 53 00 6f=20
00 c.h.i.n.e.\.S.o.
0006fd58 66 00 74 00 77 00 61 00 - 72 00 65 00 5c 00 4d=20
00 f.t.w.a.r.e.\.M.
0006fd68 69 00 63 00 72 00 6f 00 - 73 00 6f 00 66 00 74=20
00 i.c.r.o.s.o.f.t.
0006fd78 5c 00 57 00 69 00 6e 00 - 64 00 6f 00 77 00 73=20
00 \.W.i.n.d.o.w.s.
0006fd88 20 00 4e 00 54 00 5c 00 - 43 00 75 00 72 00 72=20
00 .N.T.\.C.u.r.r.
0006fd98 65 00 6e 00 74 00 56 00 - 52 03 01 00 3f 00 3f=20
00 e.n.t.V.R...?.?.
0006fda8 3f 00 3f 00 00 00 00 00 - 00 00 00 00 00 00 00=20
00 ?.?.............
0006fdb8 00 00 46 00 1c 10 fc 7f - 22 14 fc 7f 1e 14 fc=20
7f ..F.....".......
0006fdc8 00 00 00 00 e4 04 01 00 - 3f 00 3f 00 3f 00 3f=20
00 ........?.?.?.?.

Etat de vidage Thread Id 0x192

eax=3D007ffea0 ebx=3D007ffdc0 ecx=3D00000001 edx=3D00000000=20
esi=3D7ffdf000 edi=3D00000001
eip=3D77f7828b esp=3D007ffd9c ebp=3D007ffdf0 iopl=3D0 nv=20
up ei pl nz ac pe cy
cs=3D001b ss=3D0023 ds=3D0023 es=3D0023 fs=3D0038 =20
gs=3D0000 efl=3D00000213

fonction : NtWaitForMultipleObjects
77f78280 b8c4000000 mov eax,0xc4
77f78285 8d542404 lea edx,
[esp+0x4] ss:3c46e7a3=3D????????
77f78289 cd2e int 2e
77f7828b c21400 ret 0x14
77f7828e 8bc0 mov eax,eax

*----> Parcours arri=E8re de la pile <----*

FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 =20
Function Name
007ffdf0 77e7ab66 00000005 007ffe18 00000000 00088323=20
ntdll!NtWaitForMultipleObjects=20
007ffe4c 77e7aaba 00000004 007ffebc 00088323 000000ff=20
user32!MsgWaitForMultipleObjectsEx=20
007ffe68 70976ff7 00000004 007ffebc 00000000 00088323=20
user32!MsgWaitForMultipleObjects=20
00000192 00000000 00000000 00000000 00000000 00000000=20
SHELL32!SHGetDesktopFolder=20

Etat de vidage Thread Id 0x22b

eax=3D00000c18 ebx=3D00000000 ecx=3D0007f298 edx=3D00000000=20
esi=3D00083508 edi=3D0007d6f0
eip=3D77f77f67 esp=3D0083fdf0 ebp=3D0083ff90 iopl=3D0 nv=20
up ei pl nz na po nc
cs=3D001b ss=3D0023 ds=3D0023 es=3D0023 fs=3D0038 =20
gs=3D0000 efl=3D00000206

fonction : ZwReplyWaitReceivePort
77f77f5c b890000000 mov eax,0x90
77f77f61 8d542404 lea edx,
[esp+0x4] ss:3c4ae7f7=3D????????
77f77f65 cd2e int 2e
77f77f67 c21000 ret 0x10
77f77f6a 8bc0 mov eax,eax

*----> Parcours arri=E8re de la pile <----*

FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 =20
Function Name
0083ff90 77e15fa2 77e16821 00083508 0083ffec 0006f952=20
ntdll!ZwReplyWaitReceivePort=20
00003a98 00000000 00000000 00000000 00000000 00000000=20
rpcrt4!NdrVaryingArrayFree=20

Etat de vidage Thread Id 0x119

eax=3D5200a704 ebx=3D0006fc88 ecx=3D0087ffdc edx=3D00000000=20
esi=3D0006fca4 edi=3D00000000
eip=3D77e72ada esp=3D0087ff64 ebp=3D0087ff84 iopl=3D0 nv=20
up ei pl zr na po nc
cs=3D001b ss=3D0023 ds=3D0023 es=3D0023 fs=3D0038 =20
gs=3D0000 efl=3D00000246

fonction : WaitMessage
77e72acf b806120000 mov eax,0x1206
77e72ad4 8d542404 lea edx,
[esp+0x4] ss:3c4ee96b=3D????????
77e72ad8 cd2e int 2e
77e72ada c3 ret

*----> Parcours arri=E8re de la pile <----*

FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 =20
Function Name
0087ff84 00407cea 70bd71f7 00400000 00000003 00001000=20
user32!WaitMessage=20
0087ffb8 77f04ee8 0006fc88 00000003 00001000 0006fc88=20
EXPLORER!<nosymbols>=20
0087ffec 00000000 70bd71bd 0006fc88 00000000 00000000=20
kernel32!lstrcmpiW=20
00000000 00000000 00000000 00000000 00000000 00000000=20
EXPLORER!<nosymbols>=20

*----> Vidage brut de la pile <----*
0087ff64 87 7d 40 00 c6 00 64 02 - 0f 00 00 00 00 00 00=20
00 .}@...d.........
0087ff74 00 00 00 00 be 8d 3d 05 - 2c 00 00 00 76 02 00=20
00 ......=3D.,...v...
0087ff84 b8 ff 87 00 ea 7c 40 00 - f7 71 bd 70 00 00 40=20
00 .....|@..q.p..@.
0087ff94 03 00 00 00 00 10 00 00 - d8 7c 40 00 6d 56 40=20
00 .........|@.mV@.
0087ffa4 8c 00 00 00 00 00 40 00 - 00 00 00 00 00 00 00=20
00 ......@.........
0087ffb4 00 00 00 00 ec ff 87 00 - e8 4e f0 77 88 fc 06=20
00 .........N.w....
0087ffc4 03 00 00 00 00 10 00 00 - 88 fc 06 00 00 10 00=20
00 ................
0087ffd4 c4 ff 87 00 5c fb 06 00 - ff ff ff ff 44 b7 f3=20
77 ....\.......D..w
0087ffe4 38 d2 f3 77 00 00 00 00 - 00 00 00 00 00 00 00=20
00 8..w............
0087fff4 bd 71 bd 70 88 fc 06 00 - 00 00 00 00 00 00 00=20
00 .q.p............
00880004 9f 00 01 00 10 00 90 01 - 17 00 b0 01 ff ff ff=20
00 ................
00880014 ff ff ff 00 00 00 00 00 - 00 00 00 00 00 00 00=20
00 ................
00880024 01 00 00 00 0d 02 01 01 - 00 00 00 00 00 00 00=20
00 ................
00880034 00 00 00 00 00 00 00 00 - 02 00 00 00 01 00 00=20
00 ................
00880044 01 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00=20
00 ................
00880054 01 00 00 00 00 00 00 00 - 00 00 00 00 07 00 8a=20
01 ................
00880064 00 00 00 40 06 00 00 00 - 00 00 00 00 00 00 00=20
00 ...@............
00880074 00 00 00 00 00 00 00 00 - 00 00 00 40 06 00 00=20
00 ...........@....
00880084 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00=20
00 ................
00880094 00 00 00 00 00 00 00 00 - 4b 00 00 00 00 00 00=20
40 ........K......@

Etat de vidage Thread Id 0x530

eax=3D709743f0 ebx=3D008dfea8 ecx=3D00000002 edx=3D00000000=20
esi=3D7ffdf000 edi=3D00000001
eip=3D77f7828b esp=3D008dfe84 ebp=3D008dfed8 iopl=3D0 nv=20
up ei pl nz ac pe cy
cs=3D001b ss=3D0023 ds=3D0023 es=3D0023 fs=3D0038 =20
gs=3D0000 efl=3D00000213

fonction : NtWaitForMultipleObjects
77f78280 b8c4000000 mov eax,0xc4
77f78285 8d542404 lea edx,
[esp+0x4] ss:3c54e88b=3D????????
77f78289 cd2e int 2e
77f7828b c21400 ret 0x14
77f7828e 8bc0 mov eax,eax

*----> Parcours arri=E8re de la pile <----*

FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 =20
Function Name
008dfed8 77e7ab66 00000001 008dff00 00000000 0000ea60=20
ntdll!NtWaitForMultipleObjects=20
008dff34 77e7aaba 00000000 00000000 0000ea60 000000ff=20
user32!MsgWaitForMultipleObjectsEx=20
008dff50 70982fc9 00000000 00000000 00000000 0000ea60=20
user32!MsgWaitForMultipleObjects=20
008dffb8 77f04ee8 00000530 014100f8 0000004e 00000098=20
SHELL32!Ordinal98=20
008dffec 00000000 70982ebc 00000098 00000000 000000b0=20
kernel32!lstrcmpiW=20
00000000 00000000 00000000 00000000 00000000 00000000=20
EXPLORER!<nosymbols>=20

*----> Vidage brut de la pile <----*
008dfe84 85 ce f1 77 01 00 00 00 - a8 fe 8d 00 01 00 00=20
00 ...w............
008dfe94 00 00 00 00 c8 fe 8d 00 - 00 00 00 00 00 00 00=20
00 ................
008dfea4 00 ff 8d 00 b4 00 00 00 - 1c ff 8d 00 00 00 00=20
00 ................
008dfeb4 5b 12 f7 77 60 55 fb 77 - 61 12 f7 77 30 ff 8d=20
00 [..w`U.wa..w0...
008dfec4 4e 00 00 00 00 ba 3c dc - ff ff ff ff 00 00 00=20
00 N.....<.........
008dfed4 c8 fe 8d 00 34 ff 8d 00 - 66 ab e7 77 01 00 00=20
00 ....4...f..w....
008dfee4 00 ff 8d 00 00 00 00 00 - 60 ea 00 00 00 00 00=20
00 ........`.......
008dfef4 00 00 00 00 00 00 00 00 - d6 59 e7 77 b4 00 00=20
00 .........Y.w....
008dff04 00 10 0b 11 ff ff ff ff - 30 ff 8d 00 b9 5e 96=20
70 ........0....^.p
008dff14 10 53 08 00 0c 53 08 00 - f1 7f e7 77 f8 00 41=20
01 .S...S.....w..A.
008dff24 00 00 00 00 00 00 00 00 - 44 a0 fd 7f b4 00 00=20
00 ........D.......
008dff34 50 ff 8d 00 ba aa e7 77 - 00 00 00 00 00 00 00=20
00 P......w........
008dff44 60 ea 00 00 ff 00 00 00 - 00 00 00 00 b8 ff 8d=20
00 `...............
008dff54 c9 2f 98 70 00 00 00 00 - 00 00 00 00 00 00 00=20
00 ./.p............
008dff64 60 ea 00 00 ff 00 00 00 - f8 00 41 01 4e 00 00=20
00 `.........A.N...
008dff74 98 00 00 00 e0 ae b0 f0 - 04 af b0 f0 f0 ad b0=20
f0 ................
008dff84 01 9d 90 80 c1 50 14 80 - ff ff ff ff 46 02 00=20
00 .....P......F...
008dff94 00 00 00 00 02 05 00 00 - a0 8b 08 00 50 dc 08=20
00 ............P...
008dffa4 9d e4 3c 05 e7 03 00 00 - 33 00 00 00 30 05 00=20
00 ..<.....3...0...
008dffb4 00 00 00 00 ec ff 8d 00 - e8 4e f0 77 30 05 00=20
00 .........N.w0...

Etat de vidage Thread Id 0x318

eax=3D00cdf530 ebx=3D00a2fe60 ecx=3D0001f530 edx=3D00000000=20
esi=3D7ffdf000 edi=3D00000001
eip=3D77f7828b esp=3D00a2fe3c ebp=3D00a2fe90 iopl=3D0 nv=20
up ei pl nz ac pe cy
cs=3D001b ss=3D0023 ds=3D0023 es=3D0023 fs=3D0038 =20
gs=3D0000 efl=3D00000213

fonction : NtWaitForMultipleObjects
77f78280 b8c4000000 mov eax,0xc4
77f78285 8d542404 lea edx,
[esp+0x4] ss:3c69e843=3D????????
77f78289 cd2e int 2e
77f7828b c21400 ret 0x14
77f7828e 8bc0 mov eax,eax

*----> Parcours arri=E8re de la pile <----*

FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 =20
Function Name
00a2fe90 77e7ab66 00000002 00a2feb8 00000000 0000ea60=20
ntdll!NtWaitForMultipleObjects=20
00a2feec 77e7aaba 00000001 00a2ff40 0000ea60 000000ff=20
user32!MsgWaitForMultipleObjectsEx=20
00a2ff08 70762d0c 00000001 00a2ff40 00000000 0000ea60=20
user32!MsgWaitForMultipleObjects=20
00a2ff88 70bd71f7 0008d9e8 00000000 00000400 70762bde=20
SHDOCVW!URLQualifyW=20
00a2ffb8 77f04ee8 0006fc1c 00000000 00000400 0006fc1c=20
SHLWAPI!Ordinal16=20
00a2ffec 00000000 00000000 00000000 00000000 00000000=20
kernel32!lstrcmpiW=20
00000000 00000000 00000000 00000000 00000000 00000000=20
EXPLORER!<nosymbols>=20

Etat de vidage Thread Id 0x53e

eax=3D00096eb0 ebx=3D00adfe04 ecx=3D0009df58 edx=3D00000000=20
esi=3D7ffdf000 edi=3D00000001
eip=3D77f7828b esp=3D00adfde0 ebp=3D00adfe34 iopl=3D0 nv=20
up ei pl nz ac pe cy
cs=3D001b ss=3D0023 ds=3D0023 es=3D0023 fs=3D0038 =20
gs=3D0000 efl=3D00000213

fonction : NtWaitForMultipleObjects
77f78280 b8c4000000 mov eax,0xc4
77f78285 8d542404 lea edx,
[esp+0x4] ss:3c74e7e7=3D????????
77f78289 cd2e int 2e
77f7828b c21400 ret 0x14
77f7828e 8bc0 mov eax,eax

*----> Parcours arri=E8re de la pile <----*

FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 =20
Function Name
00adfe34 77f1cd92 00000002 00adff88 00000000 000dbba0=20
ntdll!NtWaitForMultipleObjects=20
00adfe50 6300f7c6 00000002 00adff88 00000000 000dbba0=20
kernel32!WaitForMultipleObjects=20
00adffb8 77f04ee8 00000000 00000068 0087f120 00000000=20
wininet!FindCloseUrlCache=20
00adffec 00000000 6300f71e 00000000 00000000 000000b0=20
kernel32!lstrcmpiW=20
00000000 00000000 00000000 00000000 00000000 00000000=20
EXPLORER!<nosymbols>=20

*----> Vidage brut de la pile <----*
00adfde0 85 ce f1 77 02 00 00 00 - 04 fe ad 00 01 00 00=20
00 ...w............
00adfdf0 00 00 00 00 24 fe ad 00 - 68 00 00 00 38 fb 03=20
63 ....$...h...8..c
00adfe00 00 00 00 00 bc 00 00 00 - d8 00 00 00 00 00 00=20
00 ................
00adfe10 08 04 07 00 00 00 00 00 - 00 00 00 00 00 00 00=20
00 ................
00adfe20 04 00 00 00 00 e6 8e e7 - fd ff ff ff 00 00 00=20
00 ................
00adfe30 24 fe ad 00 50 fe ad 00 - 92 cd f1 77 02 00 00=20
00 $...P......w....
00adfe40 88 ff ad 00 00 00 00 00 - a0 bb 0d 00 00 00 00=20
00 ................
00adfe50 b8 ff ad 00 c6 f7 00 63 - 02 00 00 00 88 ff ad=20
00 .......c........
00adfe60 00 00 00 00 a0 bb 0d 00 - 68 00 00 00 20 f1 87=20
00 ........h... ...
00adfe70 00 00 00 00 01 00 00 00 - 02 00 00 00 98 fe ad=20
00 ................
00adfe80 24 c2 00 63 00 00 00 63 - 02 00 00 00 00 00 00=20
00 $..c...c........
00adfe90 c8 80 07 00 00 f0 fd 7f - c0 80 07 00 31 cf f7=20
77 ............1..w
00adfea0 84 00 00 00 00 00 00 00 - 00 f0 fd 7f ed 75 f7=20
77 .............u.w
00adfeb0 60 55 fb 77 5b 12 f7 77 - 60 55 fb 77 61 12 f7=20
77 `U.w[..w`U.wa..w
00adfec0 30 ff ad 00 20 f1 87 00 - 00 00 00 00 00 00 00=20
00 0... ...........
00adfed0 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00=20
00 ................
00adfee0 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00=20
00 ................
00adfef0 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00=20
00 ................
00adff00 00 00 00 00 c0 fe ad 00 - 00 00 00 00 ff ff ff=20
ff ................
00adff10 a4 1f fa 77 e8 d0 fa 77 - ff ff ff ff 00 00 00=20
00 ...w...w........

Etat de vidage Thread Id 0x172

eax=3D0000001c ebx=3D00b4ff3c ecx=3D00b4ff6c edx=3D00000000=20
esi=3D7ffdf000 edi=3D00000001
eip=3D77f7828b esp=3D00b4ff18 ebp=3D00b4ff6c iopl=3D0 nv=20
up ei pl nz ac pe cy
cs=3D001b ss=3D0023 ds=3D0023 es=3D0023 fs=3D0038 =20
gs=3D0000 efl=3D00000213

fonction : NtWaitForMultipleObjects
77f78280 b8c4000000 mov eax,0xc4
77f78285 8d542404 lea edx,
[esp+0x4] ss:3c7be91f=3D????????
77f78289 cd2e int 2e
77f7828b c21400 ret 0x14
77f7828e 8bc0 mov eax,eax

*----> Parcours arri=E8re de la pile <----*

FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 =20
Function Name
00b4ff6c 77f1cd92 00000003 00b4ffac 00000000 ffffffff=20
ntdll!NtWaitForMultipleObjects=20
00b4ff88 70302215 00000003 00b4ffac 00000000 ffffffff=20
kernel32!WaitForMultipleObjects=20
00b4ffb8 77f04ee8 00000000 0087fb68 00f9882f 00000000=20
WEBCHECK!DllGetClassObject=20
00b4ffec 00000000 7030218d 00000000 00000000 00000000=20
kernel32!lstrcmpiW=20
00000000 00000000 00000000 00000000 00000000 00000000=20
EXPLORER!<nosymbols>=20

*----> Vidage brut de la pile <----*
00b4ff18 85 ce f1 77 03 00 00 00 - 3c ff b4 00 01 00 00=20
00 ...w....<.......
00b4ff28 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 10=20
00 ................
00b4ff38 01 00 00 00 38 01 00 00 - 04 01 00 00 24 01 00=20
00 ....8.......$...
00b4ff48 58 ff b4 00 80 00 00 00 - 00 00 00 00 00 00 00=20
00 X...............
00b4ff58 1e 00 20 00 00 7c fd 7f - 04 01 00 00 00 00 00=20
00 .. ..|..........
00b4ff68 00 00 00 00 88 ff b4 00 - 92 cd f1 77 03 00 00=20
00 ...........w....
00b4ff78 ac ff b4 00 00 00 00 00 - ff ff ff ff 00 00 00=20
00 ................
00b4ff88 b8 ff b4 00 15 22 30 70 - 03 00 00 00 ac ff b4=20
00 ....."0p........
00b4ff98 00 00 00 00 ff ff ff ff - 68 fb 87 00 2f 88 f9=20
00 ........h.../...
00b4ffa8 00 00 00 00 38 01 00 00 - 04 01 00 00 24 01 00=20
00 ....8.......$...
00b4ffb8 ec ff b4 00 e8 4e f0 77 - 00 00 00 00 68 fb 87=20
00 .....N.w....h...
00b4ffc8 2f 88 f9 00 00 00 00 00 - 2f 88 f9 00 c4 ff b4=20
00 /......./.......
00b4ffd8 b6 bd f7 77 ff ff ff ff - 44 b7 f3 77 38 d2 f3=20
77 ...w....D..w8..w
00b4ffe8 00 00 00 00 00 00 00 00 - 00 00 00 00 8d 21 30=20
70 .............!0p
00b4fff8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00=20
00 ................
00b50008 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00=20
00 ................
00b50018 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00=20
00 ................
00b50028 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00=20
00 ................
00b50038 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00=20
00 ................
00b50048 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00=20
00 ................

Etat de vidage Thread Id 0x579

eax=3D00000000 ebx=3D000985d8 ecx=3D00098ad8 edx=3D00d8d36c=20
esi=3D00098adc edi=3D00098ad8
eip=3D7073a2d9 esp=3D00d8c310 ebp=3D00d8d940 iopl=3D0 nv=20
up ei pl nz ac pe cy
cs=3D001b ss=3D0023 ds=3D0023 es=3D0023 fs=3D0038 =20
gs=3D0000 efl=3D00000213

fonction : Ordinal104
7073a2b5 83f8ff cmp eax,0xff
7073a2b8 7409 jz =20
Ordinal104+0x38f6 (7073a2c3)
7073a2ba 3b45fc cmp eax,[ebp-
0x4] ss:3c9fc346=3D????????
7073a2bd 0f8f87000000 jnle =20
Ordinal104+0x397d (7073a34a)
7073a2c3 837dfcff cmp dword ptr [ebp-
0x4],0xff ss:3c9fc346=3D????????
7073a2c7 0f8485000000 je =20
Ordinal104+0x3985 (7073a352)
7073a2cd 8b07 mov eax,
[edi] ds:00098ad8=3D00000000
7073a2cf 8d952cfaffff lea edx,
[ebp+0xfffffa2c] ss:00d8d36c=3D000005b4
7073a2d5 52 push edx
7073a2d6 ff75fc push dword ptr [ebp-
0x4] ss:3c9fc346=3D????????
FAUTE ->7073a2d9 8b08 mov ecx,
[eax] ds:00000000=3D????????
7073a2db 50 push eax
7073a2dc ff510c call dword ptr=20
[ecx+0xc] ds:3bd074de=3D????????
7073a2df 8b45fc mov eax,[ebp-
0x4] ss:3c9fc346=3D????????
7073a2e2 8b348550c78170 mov esi,
[7081c750+eax*4] ds:00000000=3D????????
7073a2e9 33ff xor edi,edi
7073a2eb 397df4 cmp [ebp-
0xc],edi ss:3c9fc346=3D????????
7073a2ee 0f8583910400 jne =20
DllCanUnloadNow+0xa31b (70783477)
7073a2f4 8b03 mov eax,
[ebx] ds:000985d8=3D7076f770
7073a2f6 8d8d30faffff lea ecx,
[ebp+0xfffffa30] ss:00d8d370=3D00000000
7073a2fc 57 push edi
7073a2fd 51 push ecx

*----> Parcours arri=E8re de la pile <----*

FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 =20
Function Name
00d8d940 70732a76 ffffffff 709700e9 000985e4 00000000=20
SHDOCVW!Ordinal104=20
00d8d96c 7077a898 000985e4 709700e8 00000027 00000000=20
SHDOCVW!Ordinal145=20
00d8d998 7097057d 000985e4 709700e8 00000027 00000000=20
SHDOCVW!DllCanUnloadNow=20
00d8d9d8 70970177 000985e4 000985d8 00000001 00000000=20
SHELL32!Ordinal186=20
00d8d9f0 70746385 000a2d98 00000001 00000000 000985d8=20
SHELL32!Ordinal163=20
00d8da08 70748582 00000001 00000001 000985d8 00000000=20
SHDOCVW!Ordinal161=20
00d8e250 707495a4 000985d8 000985d8 00d8e2a0 7073c343=20
SHDOCVW!Ordinal161=20
00d8e26c 707723a6 000985d8 707423a2 000985d8 000985dc=20
SHDOCVW!Ordinal161=20
00d8e2a0 70741ec6 016f00be 00095c48 00000000 00000000=20
SHDOCVW!Ordinal119=20
00d8e2c4 70741626 00095c48 00000000 00000000 00000000=20
SHDOCVW!Ordinal104=20
00d8e2ec 70741f6e 00095c48 00000000 00000000 000969f0=20
SHDOCVW!Ordinal104=20
00d8eb30 7075cdb8 00095c48 00000000 00000000 00d8fd30=20
SHDOCVW!Ordinal104=20
00d8fbb4 7077013a 00095c48 00000001 000985d8 70735103=20
SHDOCVW!DllGetClassObject=20
00d8fc34 707321a8 00430144 00000001 00000000 00d8fd30=20
SHDOCVW!Ordinal119=20
00d8fc6c 7077a3ef 00430144 00000001 00000000 00d8fd30=20
SHDOCVW!Ordinal145=20
00d8fc88 707320a2 00430144 00000001 00000000 00d8fd30=20
SHDOCVW!DllCanUnloadNow=20
00d8fcac 77e719d0 000985d8 00000001 00000000 00d8fd30=20
SHDOCVW!Ordinal145=20
00d8fcc4 77e76143 00446430 00000001 00000000 00d8fd30=20
user32!OffsetRect=20
00d8fcf8 77f863a3 00d8fd08 00000074 00000074 00000010=20
user32!GetSystemMenu=20
00d8fe2c 77e76362 80000100 7075c5a0 00000000 02cf0000=20
ntdll!KiUserCallbackDispatcher=20
00d8fe6c 7075c2bd 00000100 7075c5a0 00000000 02cf0000=20
user32!CreateWindowExA=20
00d8ff2c 7075c1dd 7075c5a0 00780065 006c0070 000969f0=20
SHDOCVW!DllGetClassObject=20
00d8ffb8 77f04ee8 000969f0 00780065 006c0070 000969f0=20
SHDOCVW!DllGetClassObject=20
00d8ffec 00000000 7075c1a1 000969f0 00000000 00000000=20
kernel32!lstrcmpiW=20
00000000 00000000 00000000 00000000 00000000 00000000=20
EXPLORER!<nosymbols>=20

*----> Vidage brut de la pile <----*
00d8c310 00 00 00 00 6c d3 d8 00 - f8 00 97 70 e0 30 73=20
70 ....l......p.0sp
00d8c320 e4 85 09 00 a4 1f fa 77 - 40 d8 fa 77 ff ff ff=20
ff .......w@..w....
00d8c330 f4 c3 d8 00 0e 47 f7 77 - 90 08 07 00 6f 00 00=20
00 .....G.w....o...
00d8c340 10 9c 09 00 0e 00 07 80 - 00 00 00 00 18 79 09=20
00 .............y..
00d8c350 2c 79 09 00 00 00 00 00 - ff ff ff ff 20 c4 d8=20
00 ,y.......... ...
00d8c360 0e 47 f8 c4 d8 00 07 00 - 1c 00 fb 7f 6a 9c 09=20
00 .G..........j...
00d8c370 f0 c4 d8 00 c4 c4 d8 00 - e5 85 96 70 85 79 09=20
00 ...........p.y..
00d8c380 f0 c4 d8 00 00 00 00 00 - c5 85 96 70 45 79 09=20
00 ...........pEy..
00d8c390 f0 c4 d8 00 01 00 00 00 - f0 c4 d8 00 b4 84 96=20
70 ...............p
00d8c3a0 2c 79 09 00 f0 c4 d8 00 - 00 00 00 00 2e d2 d8=20
00 ,y..............
00d8c3b0 00 00 00 00 1c d2 d8 00 - 00 00 07 00 00 00 00=20
00 ................
00d8c3c0 b0 c3 d8 00 5c 00 57 00 - a8 ff d8 00 44 00 69=20
00 ....\.W.....D.i.
00d8c3d0 72 00 65 00 63 00 74 00 - 6f 00 72 00 79 00 00=20
00 r.e.c.t.o.r.y...
00d8c3e0 48 05 07 00 1a 00 00 00 - 78 00 00 00 00 00 00=20
00 H.......x.......
00d8c3f0 08 34 0a 00 18 c4 d8 00 - 8d 11 b2 77 01 00 00=20
00 .4.........w....
00d8c400 00 00 00 00 08 8c 09 00 - 3c 33 09 00 28 33 09=20
00 ........<3..(3..
00d8c410 65 4a 96 70 28 33 09 00 - 64 cd d8 00 00 00 00=20
00 eJ.p(3..d.......
00d8c420 6c 69 09 00 3c c9 d8 00 - 28 33 09 00 07 48 96=20
70 li..<...(3...H.p
00d8c430 28 33 09 00 00 00 00 00 - 6a 9c 09 00 00 00 00=20
00 (3......j.......
00d8c440 4d 40 96 70 00 00 00 00 - 10 9c 09 00 60 3c 96=20
70 M@.p........`<.p

1 réponse

Jean-Philippe Lesage [MS]

08/04/2004 à 17:12

Bonjour,
C'est une violation d'accès d'explorer.exe. Pour simplifier, il tente
d'accéder à un emplacement mémoire ou il ne devrait pas.
Il vaut mieux commencer par mettre à jour le serveur en SP6A+SRP (ne
serait-ce que déjà pour des problèmes de sécurité). Ensuite, il faut voir si
celà continue.
Cordialement,

"Adriana" a écrit dans le message de
news:1a3a901c41d6f$9e732c60$

Une exception d'application s'est produite :
App : EXPLORER.dbg (pidI4)
Quand : 4/8/2004 @ 15:30:10.453
Numéro d'exception : 006d007f
()

*----> Informations système <----*
Nom ordinateur : SRV_SYBASE
Nom utilisateur : wlk
Nombre de processeurs : 2
Type de processeur : x86 Family 6 Model 8 Stepping
6
Version Windows : 4.0
Numéro actuel : 1381
Service Pack : 5
Type actuel : Multiprocessor Free
Organisation enregistrée : mpf
Propriétaire enregistré : srv_sybase

*----> Liste des tâches <----*
0 Idle.exe
2 System.exe
28 SMSS.exe
42 CSRSS.exe
32 WINLOGON.exe
48 SERVICES.exe
51 LSASS.exe
75 SPOOLSS.exe
93 ASDscSvc.exe
82 Ntagent.exe
97 defwatch.exe
104 llssrv.exe
107 rtvscan.exe
125 RPCSS.exe
128 r_server.exe
136 ATSVC.exe
141 bcksrvr.exe
147 histsrvr.exe
151 sqlsrvr.exe
208 afaagent.exe
215 PSTORES.exe
130 LOCATOR.exe
67 NDDEAGNT.exe
264 PROMon.exe
271 vptray.exe
494 explorer.exe
618 DRWTSN32.exe
0 _Total.exe

(00400000 - 0042e000) EXPLORER.dbg
(77f70000 - 77fd0000) dllntdll.dbg
(77dc0000 - 77dff000) dlladvapi32.dbg
(77f00000 - 77f61000) dllkernel32.dbg
(77e70000 - 77ec4000) dlluser32.dbg
(77ed0000 - 77efc000) dllgdi32.dbg
(77e10000 - 77e67000) dllrpcrt4.dbg
(70bd0000 - 70c14000) SHLWAPI.dbg
(71700000 - 7178a000) COMCTL32.dbg
(70960000 - 70b0c000) SHELL32.dbg
(70730000 - 70947000) SHDOCVW.dbg
(77b20000 - 77bd6000) dllole32.dbg
(77bf0000 - 77bf7000) dllrpcltc1.dbg
(70300000 - 70359000) WEBCHECK.dbg
(77780000 - 77786000) dllmsidle.dbg
(1a400000 - 1a430000) urlmon.dbg
(63000000 - 6304d000) wininet.dbg
(77a40000 - 77a4d000) dllntshrui.dbg
(78000000 - 78040000)
(72240000 - 7227a000) dllnetapi32.dbg
(77830000 - 77839000) dllNetRap.dbg
(72280000 - 7228d000) dllsamlib.dbg

Etat de vidage Thread Id 0x193

eax000001 ebx000001 ecx087d70 edxÿffffff
esi087d70 edi000000
eipp74e70e esp06fc98 ebp06fcb4 iopl=0 nv
up ei pl zr na po nc
cs1b ss23 ds23 es23 fs38
gs00 efl010246

fonction : DllGetClassObject
7074e6ef 7d5c jge
DllGetClassObject+0x1ac (7074e74d)
7074e6f1 54 push esp
7074e6f2 7970 jns
DllGetClassObject+0x1c3 (7074e764)
7074e6f4 656c insb
7074e6f6 696200e83d90fe imul esp,
[edx],0xfe903de8 ds:3bc6ea05=????????
7074e6fd ff6a01 jmp fword ptr
[edx+0x1] ds:3bc6ea05=????????????
7074e700 58 pop eax
7074e701 c20400 ret 0x4
7074e704 836c240430 sub dword ptr
[esp+0x4],0x30 ss:3bcde69f=????????
7074e709 e97c81feff jmp
Ordinal159+0x2083 (7073688a)
7074e70e 55 push ebp
7074e70f 8bec mov ebp,esp
7074e711 83ec1c sub esp,0x1c
7074e714 56 push esi
7074e715 6a01 push 0x1
7074e717 6a00 push 0x0
7074e719 6a00 push 0x0
7074e71b 8d45e4 lea eax,[ebp-
0x1c] ss:3bcde6ba=????????
7074e71e 6a00 push 0x0
7074e720 8bf1 mov esi,ecx
7074e722 50 push eax
7074e723
ff1548187370
ds:70731848we71ade
call dword ptr
[Ordinal145+0x1848 (70731848)]

*----> Parcours arrière de la pile <----*

FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0006fc94 70774f29 00000000 00087d70 00000001 77f1ced8
SHDOCVW!DllGetClassObject
0006fcb4 7077497a 00000000 00000000 00408215 00087d70
SHDOCVW!Ordinal120
0006ff60 00404849 00400000 00000000 0002062c 00000005
SHDOCVW!Ordinal120
0006ffc0 77f1ba06 00000000 00000000 7ffdf000 7ffdf000
EXPLORER!<nosymbols>
0006fff0 00000000 004047d0 00000000 000000b0 00000100
kernel32!GetProcessPriorityBoost
00000000 00000000 00000000 00000000 00000000 00000000
EXPLORER!<nosymbols>

*----> Vidage brut de la pile <----*
0006fc98 29 4f 77 70 00 00 00 00 - 70 7d 08 00 01 00 00
00 )Owp....p}......
0006fca8 d8 ce f1 77 70 7d 08 00 - 70 7d 08 00 60 ff 06
00 ...wp}..p}..`...
0006fcb8 7a 49 77 70 00 00 00 00 - 00 00 00 00 15 82 40
00
0006fcc8 70 7d 08 00 06 4b 40 00 - 70 7d 08 00 00 00 00
00 p}}......
0006fcd8 2c 06 02 00 00 f0 fd 7f - b8 00 00 00 88 fe 06
00 ,...............
0006fce8 14 fd 06 00 88 fe 06 00 - 18 00 fd 7f e8 fd 06
00 ................
0006fcf8 a8 f5 f8 77 e8 fd 06 00 - fa 05 02 00 18 00 00
00 ...w............
0006fd08 a0 fe 06 00 00 e0 fd 7f - 00 00 00 00 69 a0 f7
77 ............i..w
0006fd18 9c fe 06 00 00 00 00 80 - 70 fe 06 00 00 e0 fd
7f ........p.......
0006fd28 00 f0 fd 7f 00 00 00 00 - 5c 00 52 00 65 00 67
00 .........R.e.g.
0006fd38 69 00 73 00 74 00 72 00 - 79 00 5c 00 4d 00 61
00 i.s.t.r.y..M.a.
0006fd48 63 00 68 00 69 00 6e 00 - 65 00 5c 00 53 00 6f
00 c.h.i.n.e..S.o.
0006fd58 66 00 74 00 77 00 61 00 - 72 00 65 00 5c 00 4d
00 f.t.w.a.r.e..M.
0006fd68 69 00 63 00 72 00 6f 00 - 73 00 6f 00 66 00 74
00 i.c.r.o.s.o.f.t.
0006fd78 5c 00 57 00 69 00 6e 00 - 64 00 6f 00 77 00 73
00 .W.i.n.d.o.w.s.
0006fd88 20 00 4e 00 54 00 5c 00 - 43 00 75 00 72 00 72
00 .N.T..C.u.r.r.
0006fd98 65 00 6e 00 74 00 56 00 - 52 03 01 00 3f 00 3f
00 e.n.t.V.R...?.?.
0006fda8 3f 00 3f 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ?.?.............
0006fdb8 00 00 46 00 1c 10 fc 7f - 22 14 fc 7f 1e 14 fc
7f ..F.....".......
0006fdc8 00 00 00 00 e4 04 01 00 - 3f 00 3f 00 3f 00 3f
00 ........?.?.?.?.

Etat de vidage Thread Id 0x284

eax7ffebc ebx000000 ecx000001 edxÿffffff
esiwe759d6 edi000003
eipp965526 esp7ffe7c ebp000284 iopl=0 nv
up ei pl zr na po nc
cs1b ss23 ds23 es23 fs38
gs00 efl010246

fonction : Ordinal21
70965509 00ff add bh,bh
7096550b 7424 jz Ordinal21+0x435
(70965531)
7096550d 108b442408ff adc
[ebx+0xff082444],cl ds:ff082444=??
70965513 7424 jz Ordinal21+0x43d
(70965539)
70965515 108b4008ff74 adc
[ebx+0x74ff0840],cl ds:74ff0840=??
7096551b 2410 and al,0x10
7096551d 8b08 mov ecx,
[eax] ds:007ffebc0000b4
7096551f 50 push eax
70965520 ff511c call dword ptr
[ecx+0x1c] ds:3bc6ea07=????????
70965523 c21000 ret 0x10
70965526 55 push ebp
70965527 8bec mov ebp,esp
70965529 81ec10020000 sub esp,0x210
7096552f 57 push edi
70965530 33ff xor edi,edi
70965532 393d6c61a070 cmp
[70a0616c],edi ds:70a0616c0873d8
70965538 897dfc mov [ebp-
0x4],edi ss:3bc6ec8a=????????
7096553b 7451 jz Ordinal21+0x492
(7096558e)
7096553d e89cdeffff call Ordinal128+0x33f
(709633de)
70965542 a16c61a070 mov eax,
[70a0616c] ds:70a0616c0873d8
70965547 8b00 mov eax,
[eax] ds:007ffebc0000b4
70965549 3bc7 cmp eax,edi

*----> Parcours arrière de la pile <----*

FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
007ffe78 7097705a 007ffebc 77f9e4f1 00070000 007fffec
SHELL32!Ordinal21
00000284 00000000 00000000 00000000 00000000 00000000
SHELL32!SHGetDesktopFolder

Etat de vidage Thread Id 0x211

eax08c090 ebx000000 ecx08c090 edx000000
esi083508 edi083530
eipwf77f67 esp83fdf0 ebp83ff90 iopl=0 nv
up ei pl nz na po nc
cs1b ss23 ds23 es23 fs38
gs00 efl000206

fonction : ZwReplyWaitReceivePort
77f77f5c b890000000 mov eax,0x90
77f77f61 8d542404 lea edx,
[esp+0x4] ss:3c4ae7f7=????????
77f77f65 cd2e int 2e
77f77f67 c21000 ret 0x10
77f77f6a 8bc0 mov eax,eax

*----> Parcours arrière de la pile <----*

FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0083ff90 77e15fa2 77e16821 00083508 0083ffec 0006f952
ntdll!ZwReplyWaitReceivePort
00003a98 00000000 00000000 00000000 00000000 00000000
rpcrt4!NdrVaryingArrayFree

Etat de vidage Thread Id 0x132

eax87fe54 ebx000000 ecxÿffffff edx87fef8
esi87fe6c edi400000
eipwf1d493 esp87fe50 ebp87fea4 iopl=0 nv
up ei pl zr na po nc
cs1b ss23 ds23 es23 fs38
gs00 efl000246

fonction : RaiseException
77f1d476 83c604 add esi,0x4
77f1d479 8bc1 mov eax,ecx
77f1d47b 49 dec ecx
77f1d47c 85c0 test eax,eax
77f1d47e 75ef jnz
RaiseException+0x46 (77f1d46f)
77f1d480 eb07 jmp
RaiseException+0x60 (77f1d489)
77f1d482 c745c000000000 mov dword ptr [ebp-
0x40],0x0 ss:3c4ee8aa=????????
77f1d489 8d45b0 lea eax,[ebp-
0x50] ss:3c4ee8aa=????????
77f1d48c 50 push eax
77f1d48d
ff15b4c3f377
ds:77f3c3b4wf98f6c
call dword ptr
[GetDateFormatW+0x4d9f (77f3c3b4)]
FAUTE ->77f1d493 5e pop esi
77f1d494 8be5 mov esp,ebp
77f1d496 5d pop ebp
77f1d497 c21000 ret 0x10

*----> Parcours arrière de la pile <----*

FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0087fea4 70302799 006d007f 00000000 00000001 0087fef4
kernel32!RaiseException
0087feec 70324bfa 0087fec8 7032a664 ffffffff 00000601
WEBCHECK!DllGetClassObject
00000001 00000000 00000000 00000000 00000000 00000000
WEBCHECK!<nosymbols>

*----> Vidage brut de la pile <----*
0087fe50 c0 76 32 70 7f 00 6d 00 - 00 00 00 00 00 00 00
00 .v2p..m.........
0087fe60 93 d4 f1 77 01 00 00 00 - c8 fe 87 00 84 fe 87
00 ...w............
0087fe70 00 00 40 1a 00 00 32 70 - 00 00 00 00 5c 8c f9
77
0087fe80 39 01 00 c0 ac fe 87 00 - 75 17 f0 77 7f 00 00
00 9.......u..w....
0087fe90 00 00 32 70 17 40 f1 77 - 39 01 00 c0 c0 76 32
70
0087fea0 17 00 18 00 ec fe 87 00 - 99 27 30 70 7f 00 6d
00 .........'0p..m.
0087feb0 00 00 00 00 01 00 00 00 - f4 fe 87 00 d5 11 2d
05 ..............-.
0087fec0 00 00 00 00 01 00 00 00 - 24 00 00 00 c0 76 32
70 ........$....v2p
0087fed0 64 a6 32 70 e0 74 32 70 - 01 00 00 00 8c 7e 32
70 d.2p.t2p.....~2p
0087fee0 00 00 40 1a 00 00 00 00 - 7f 00 00 00 01 00 00
00
0087fef0 fa 4b 32 70 c8 fe 87 00 - 64 a6 32 70 ff ff ff
ff .K2p....d.2p....
0087ff00 01 06 00 00 c7 43 32 70 - 40 74 32 70 00 70 32
70
0087ff10 00 00 00 00 00 00 00 00 - 1c 12 78 77 01 00 00
00 ..........xw....
0087ff20 00 00 00 00 68 ff 87 00 - 84 ff 87 00 97 11 78
77 ....h.........xw
0087ff30 5c 18 e7 77 00 00 00 00 - 13 01 00 00 b0 77 00
00 ..w.........w..
0087ff40 c5 d8 2f 05 84 ff 87 00 - 00 00 00 00 a4 fc 06
00 ../.............
0087ff50 88 fc 06 00 d3 59 e7 77 - 68 ff 87 00 00 00 00
00 .....Y.wh.......
0087ff60 3f 7d 40 00 68 ff 87 00 - 00 00 00 00 13 01 00
00 ?}@.h...........
0087ff70 b0 77 00 00 97 11 78 77 - c5 d8 2f 05 e0 03 00
00 .w....xw../.....
0087ff80 09 00 00 00 b8 ff 87 00 - ea 7c 40 00 f7 71 bd
70 .........|@..q.p

Etat de vidage Thread Id 0x137

eax00008c ebx95fe04 ecx95fe24 edx000000
esifdf000 edi000001
eipwf7828b esp95fde0 ebp95fe34 iopl=0 nv
up ei pl nz ac pe cy
cs1b ss23 ds23 es23 fs38
gs00 efl000213

fonction : NtWaitForMultipleObjects
77f78280 b8c4000000 mov eax,0xc4
77f78285 8d542404 lea edx,
[esp+0x4] ss:3c5ce7e7=????????
77f78289 cd2e int 2e
77f7828b c21400 ret 0x14
77f7828e 8bc0 mov eax,eax

*----> Parcours arrière de la pile <----*

FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0095fe34 77f1cd92 00000002 0095ff88 00000000 000dbba0
ntdll!NtWaitForMultipleObjects
0095fe50 6300f7c6 00000002 0095ff88 00000000 000dbba0
kernel32!WaitForMultipleObjects
0095ffb8 77f04ee8 00000000 00000068 0087f120 00000000
wininet!FindCloseUrlCache
0095ffec 00000000 00000000 00000000 00000000 00000000
kernel32!lstrcmpiW
00000000 00000000 00000000 00000000 00000000 00000000
EXPLORER!<nosymbols>

Etat de vidage Thread Id 0x1ae

eax00001c ebx9eff3c ecx9eff6c edx000000
esifdf000 edi000001
eipwf7828b esp9eff18 ebp9eff6c iopl=0 nv
up ei pl nz ac pe cy
cs1b ss23 ds23 es23 fs38
gs00 efl000213

fonction : NtWaitForMultipleObjects
77f78280 b8c4000000 mov eax,0xc4
77f78285 8d542404 lea edx,
[esp+0x4] ss:3c65e91f=????????
77f78289 cd2e int 2e
77f7828b c21400 ret 0x14
77f7828e 8bc0 mov eax,eax

*----> Parcours arrière de la pile <----*

FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
009eff6c 77f1cd92 00000003 009effac 00000000 ffffffff
ntdll!NtWaitForMultipleObjects
009eff88 70302215 00000003 009effac 00000000 ffffffff
kernel32!WaitForMultipleObjects
009effb8 77f04ee8 00000000 0087fb68 00f9882f 00000000
WEBCHECK!DllGetClassObject
009effec 00000000 7030218d 00000000 00000000 00000000
kernel32!lstrcmpiW
00000000 00000000 00000000 00000000 00000000 00000000
EXPLORER!<nosymbols>

*----> Vidage brut de la pile <----*
009eff18 85 ce f1 77 03 00 00 00 - 3c ff 9e 00 01 00 00
00 ...w....<.......
009eff28 00 00 00 00 00 00 00 00 - 00 00 00 00 02 00 00
00 ................
009eff38 01 00 00 00 24 01 00 00 - 28 01 00 00 38 01 00
00 ....$...(...8...
009eff48 58 ff 9e 00 80 00 00 00 - 00 00 00 00 00 00 00
00 X...............
009eff58 1e 00 20 00 00 8c fd 7f - 28 01 00 00 00 00 00
00 .. .....(.......
009eff68 00 00 00 00 88 ff 9e 00 - 92 cd f1 77 03 00 00
00 ...........w....
009eff78 ac ff 9e 00 00 00 00 00 - ff ff ff ff 00 00 00
00 ................
009eff88 b8 ff 9e 00 15 22 30 70 - 03 00 00 00 ac ff 9e
00 ....."0p........
009eff98 00 00 00 00 ff ff ff ff - 68 fb 87 00 2f 88 f9
00 ........h.../...
009effa8 00 00 00 00 24 01 00 00 - 28 01 00 00 38 01 00
00 ....$...(...8...
009effb8 ec ff 9e 00 e8 4e f0 77 - 00 00 00 00 68 fb 87
00 .....N.w....h...
009effc8 2f 88 f9 00 00 00 00 00 - 2f 88 f9 00 c4 ff 9e
00 /......./.......
009effd8 b6 bd f7 77 ff ff ff ff - 44 b7 f3 77 38 d2 f3
77 ...w....D..w8..w
009effe8 00 00 00 00 00 00 00 00 - 00 00 00 00 8d 21 30
70 .............!0p
009efff8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
009f0008 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
009f0018 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
009f0028 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
009f0038 00 00 00 00 04 05 25 04 - 04 00 00 00 00 00 00
00 ......%.........
009f0048 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
05 ................

Etat de vidage Thread Id 0x573

eax000000 ebx000000 ecx0855c8 edx000000
esi083508 edi096798
eipwf77f67 espdcfdf0 ebpdcff90 iopl=0 nv
up ei pl nz na pe nc
cs1b ss23 ds23 es23 fs38
gs00 efl000202

fonction : ZwReplyWaitReceivePort
77f77f5c b890000000 mov eax,0x90
77f77f61 8d542404 lea edx,
[esp+0x4] ss:3ca3e7f7=????????
77f77f65 cd2e int 2e
77f77f67 c21000 ret 0x10
77f77f6a 8bc0 mov eax,eax

*----> Parcours arrière de la pile <----*

FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
00dcff90 77e15fa2 77e16821 00083508 00dcffec 00000000
ntdll!ZwReplyWaitReceivePort
00003a98 00000000 00000000 00000000 00000000 00000000
rpcrt4!NdrVaryingArrayFree

Une exception d'application s'est produite :
App : EXPLORER.dbg (pidP7)
Quand : 4/8/2004 @ 15:30:58.937
Numéro d'exception : c0000005 (violation d'accès)

*----> Informations système <----*
Nom ordinateur : SRV_SYBASE
Nom utilisateur : wlk
Nombre de processeurs : 2
Type de processeur : x86 Family 6 Model 8 Stepping
6
Version Windows : 4.0
Numéro actuel : 1381
Service Pack : 5
Type actuel : Multiprocessor Free
Organisation enregistrée : mpf
Propriétaire enregistré : srv_sybase

*----> Liste des tâches <----*
0 Idle.exe
2 System.exe
28 SMSS.exe
42 CSRSS.exe
32 WINLOGON.exe
48 SERVICES.exe
51 LSASS.exe
75 SPOOLSS.exe
93 ASDscSvc.exe
82 Ntagent.exe
97 defwatch.exe
104 llssrv.exe
107 rtvscan.exe
125 RPCSS.exe
128 r_server.exe
136 ATSVC.exe
141 bcksrvr.exe
147 histsrvr.exe
151 sqlsrvr.exe
208 afaagent.exe
215 PSTORES.exe
130 LOCATOR.exe
67 NDDEAGNT.exe
264 PROMon.exe
271 vptray.exe
507 explorer.exe
1375 DRWTSN32.exe
0 _Total.exe

(00400000 - 0042e000) EXPLORER.dbg
(77f70000 - 77fd0000) dllntdll.dbg
(77dc0000 - 77dff000) dlladvapi32.dbg
(77f00000 - 77f61000) dllkernel32.dbg
(77e70000 - 77ec4000) dlluser32.dbg
(77ed0000 - 77efc000) dllgdi32.dbg
(77e10000 - 77e67000) dllrpcrt4.dbg
(70bd0000 - 70c14000) SHLWAPI.dbg
(71700000 - 7178a000) COMCTL32.dbg
(70960000 - 70b0c000) SHELL32.dbg
(70730000 - 70947000) SHDOCVW.dbg
(77b20000 - 77bd6000) dllole32.dbg
(77bf0000 - 77bf7000) dllrpcltc1.dbg
(77a40000 - 77a4d000) dllntshrui.dbg
(78000000 - 78040000)
(72240000 - 7227a000) dllnetapi32.dbg
(77830000 - 77839000) dllNetRap.dbg
(72280000 - 7228d000) dllsamlib.dbg
(70300000 - 70359000) WEBCHECK.dbg
(77780000 - 77786000) dllmsidle.dbg
(1a400000 - 1a430000) urlmon.dbg
(63000000 - 6304d000) wininet.dbg

Etat de vidage Thread Id 0x17d

eax000000 ebx000001 ecx000401 edx000000
esi087f28 edi000000
eipwe72ada esp06fc98 ebp06fcb4 iopl=0 nv
up ei pl zr na po nc
cs1b ss23 ds23 es23 fs38
gs00 efl000246

fonction : WaitMessage
77e72acf b806120000 mov eax,0x1206
77e72ad4 8d542404 lea edx,
[esp+0x4] ss:3bcde69f=????????
77e72ad8 cd2e int 2e
77e72ada c3 ret

*----> Parcours arrière de la pile <----*

FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0006fcb4 7077497a 00000000 00000000 00408215 00087f28
user32!WaitMessage
0006ff60 00404849 000001fb 00000000 0002062c 00000005
SHDOCVW!Ordinal120
0006ffc0 77f1ba06 00000000 00000000 7ffdf000 7ffdf000
EXPLORER!<nosymbols>
0006fff0 00000000 004047d0 00000000 000000b0 00000100
kernel32!GetProcessPriorityBoost
00000000 00000000 00000000 00000000 00000000 00000000
EXPLORER!<nosymbols>

*----> Vidage brut de la pile <----*
0006fc98 21 4f 77 70 00 00 00 00 - 28 7f 08 00 01 00 00
00 !Owp....(.......
0006fca8 d8 ce f1 77 28 7f 08 00 - 28 7f 08 00 60 ff 06
00 ...w(...(...`...
0006fcb8 7a 49 77 70 00 00 00 00 - 00 00 00 00 15 82 40
00
0006fcc8 28 7f 08 00 06 4b 40 00 - 28 7f 08 00 00 00 00
00 ((.......
0006fcd8 2c 06 02 00 00 f0 fd 7f - b8 00 00 00 88 fe 06
00 ,...............
0006fce8 14 fd 06 00 88 fe 06 00 - 18 00 fd 7f e8 fd 06
00 ................
0006fcf8 a8 f5 f8 77 e8 fd 06 00 - fa 05 02 00 18 00 00
00 ...w............
0006fd08 a0 fe 06 00 00 e0 fd 7f - 00 00 00 00 69 a0 f7
77 ............i..w
0006fd18 9c fe 06 00 00 00 00 80 - 70 fe 06 00 00 e0 fd
7f ........p.......
0006fd28 00 f0 fd 7f 00 00 00 00 - 5c 00 52 00 65 00 67
00 .........R.e.g.
0006fd38 69 00 73 00 74 00 72 00 - 79 00 5c 00 4d 00 61
00 i.s.t.r.y..M.a.
0006fd48 63 00 68 00 69 00 6e 00 - 65 00 5c 00 53 00 6f
00 c.h.i.n.e..S.o.
0006fd58 66 00 74 00 77 00 61 00 - 72 00 65 00 5c 00 4d
00 f.t.w.a.r.e..M.
0006fd68 69 00 63 00 72 00 6f 00 - 73 00 6f 00 66 00 74
00 i.c.r.o.s.o.f.t.
0006fd78 5c 00 57 00 69 00 6e 00 - 64 00 6f 00 77 00 73
00 .W.i.n.d.o.w.s.
0006fd88 20 00 4e 00 54 00 5c 00 - 43 00 75 00 72 00 72
00 .N.T..C.u.r.r.
0006fd98 65 00 6e 00 74 00 56 00 - 52 03 01 00 3f 00 3f
00 e.n.t.V.R...?.?.
0006fda8 3f 00 3f 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ?.?.............
0006fdb8 00 00 46 00 1c 10 fc 7f - 22 14 fc 7f 1e 14 fc
7f ..F.....".......
0006fdc8 00 00 00 00 e4 04 01 00 - 3f 00 3f 00 3f 00 3f
00 ........?.?.?.?.

Etat de vidage Thread Id 0x192

eax7ffea0 ebx7ffdc0 ecx000001 edx000000
esifdf000 edi000001
eipwf7828b esp7ffd9c ebp7ffdf0 iopl=0 nv
up ei pl nz ac pe cy
cs1b ss23 ds23 es23 fs38
gs00 efl000213

fonction : NtWaitForMultipleObjects
77f78280 b8c4000000 mov eax,0xc4
77f78285 8d542404 lea edx,
[esp+0x4] ss:3c46e7a3=????????
77f78289 cd2e int 2e
77f7828b c21400 ret 0x14
77f7828e 8bc0 mov eax,eax

*----> Parcours arrière de la pile <----*

FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
007ffdf0 77e7ab66 00000005 007ffe18 00000000 00088323
ntdll!NtWaitForMultipleObjects
007ffe4c 77e7aaba 00000004 007ffebc 00088323 000000ff
user32!MsgWaitForMultipleObjectsEx
007ffe68 70976ff7 00000004 007ffebc 00000000 00088323
user32!MsgWaitForMultipleObjects
00000192 00000000 00000000 00000000 00000000 00000000
SHELL32!SHGetDesktopFolder

Etat de vidage Thread Id 0x22b

eax000c18 ebx000000 ecx07f298 edx000000
esi083508 edi07d6f0
eipwf77f67 esp83fdf0 ebp83ff90 iopl=0 nv
up ei pl nz na po nc
cs1b ss23 ds23 es23 fs38
gs00 efl000206

fonction : ZwReplyWaitReceivePort
77f77f5c b890000000 mov eax,0x90
77f77f61 8d542404 lea edx,
[esp+0x4] ss:3c4ae7f7=????????
77f77f65 cd2e int 2e
77f77f67 c21000 ret 0x10
77f77f6a 8bc0 mov eax,eax

*----> Parcours arrière de la pile <----*

FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0083ff90 77e15fa2 77e16821 00083508 0083ffec 0006f952
ntdll!ZwReplyWaitReceivePort
00003a98 00000000 00000000 00000000 00000000 00000000
rpcrt4!NdrVaryingArrayFree

Etat de vidage Thread Id 0x119

eaxR00a704 ebx06fc88 ecx87ffdc edx000000
esi06fca4 edi000000
eipwe72ada esp87ff64 ebp87ff84 iopl=0 nv
up ei pl zr na po nc
cs1b ss23 ds23 es23 fs38
gs00 efl000246

fonction : WaitMessage
77e72acf b806120000 mov eax,0x1206
77e72ad4 8d542404 lea edx,
[esp+0x4] ss:3c4ee96b=????????
77e72ad8 cd2e int 2e
77e72ada c3 ret

*----> Parcours arrière de la pile <----*

FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0087ff84 00407cea 70bd71f7 00400000 00000003 00001000
user32!WaitMessage
0087ffb8 77f04ee8 0006fc88 00000003 00001000 0006fc88
EXPLORER!<nosymbols>
0087ffec 00000000 70bd71bd 0006fc88 00000000 00000000
kernel32!lstrcmpiW
00000000 00000000 00000000 00000000 00000000 00000000
EXPLORER!<nosymbols>

*----> Vidage brut de la pile <----*
0087ff64 87 7d 40 00 c6 00 64 02 - 0f 00 00 00 00 00 00
00 .}@...d.........
0087ff74 00 00 00 00 be 8d 3d 05 - 2c 00 00 00 76 02 00
00 ......=.,...v...
0087ff84 b8 ff 87 00 ea 7c 40 00 - f7 71 bd 70 00 00 40
00 .....|@
0087ff94 03 00 00 00 00 10 00 00 - d8 7c 40 00 6d 56 40
00 .........|@
0087ffa4 8c 00 00 00 00 00 40 00 - 00 00 00 00 00 00 00
00
0087ffb4 00 00 00 00 ec ff 87 00 - e8 4e f0 77 88 fc 06
00 .........N.w....
0087ffc4 03 00 00 00 00 10 00 00 - 88 fc 06 00 00 10 00
00 ................
0087ffd4 c4 ff 87 00 5c fb 06 00 - ff ff ff ff 44 b7 f3
77 ...........D..w
0087ffe4 38 d2 f3 77 00 00 00 00 - 00 00 00 00 00 00 00
00 8..w............
0087fff4 bd 71 bd 70 88 fc 06 00 - 00 00 00 00 00 00 00
00 .q.p............
00880004 9f 00 01 00 10 00 90 01 - 17 00 b0 01 ff ff ff
00 ................
00880014 ff ff ff 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
00880024 01 00 00 00 0d 02 01 01 - 00 00 00 00 00 00 00
00 ................
00880034 00 00 00 00 00 00 00 00 - 02 00 00 00 01 00 00
00 ................
00880044 01 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
00880054 01 00 00 00 00 00 00 00 - 00 00 00 00 07 00 8a
01 ................
00880064 00 00 00 40 06 00 00 00 - 00 00 00 00 00 00 00
00
00880074 00 00 00 00 00 00 00 00 - 00 00 00 40 06 00 00
00
00880084 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
00880094 00 00 00 00 00 00 00 00 - 4b 00 00 00 00 00 00
40 ........K......@

Etat de vidage Thread Id 0x530

eaxp9743f0 ebx8dfea8 ecx000002 edx000000
esifdf000 edi000001
eipwf7828b esp8dfe84 ebp8dfed8 iopl=0 nv
up ei pl nz ac pe cy
cs1b ss23 ds23 es23 fs38
gs00 efl000213

fonction : NtWaitForMultipleObjects
77f78280 b8c4000000 mov eax,0xc4
77f78285 8d542404 lea edx,
[esp+0x4] ss:3c54e88b=????????
77f78289 cd2e int 2e
77f7828b c21400 ret 0x14
77f7828e 8bc0 mov eax,eax

*----> Parcours arrière de la pile <----*

FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
008dfed8 77e7ab66 00000001 008dff00 00000000 0000ea60
ntdll!NtWaitForMultipleObjects
008dff34 77e7aaba 00000000 00000000 0000ea60 000000ff
user32!MsgWaitForMultipleObjectsEx
008dff50 70982fc9 00000000 00000000 00000000 0000ea60
user32!MsgWaitForMultipleObjects
008dffb8 77f04ee8 00000530 014100f8 0000004e 00000098
SHELL32!Ordinal98
008dffec 00000000 70982ebc 00000098 00000000 000000b0
kernel32!lstrcmpiW
00000000 00000000 00000000 00000000 00000000 00000000
EXPLORER!<nosymbols>

*----> Vidage brut de la pile <----*
008dfe84 85 ce f1 77 01 00 00 00 - a8 fe 8d 00 01 00 00
00 ...w............
008dfe94 00 00 00 00 c8 fe 8d 00 - 00 00 00 00 00 00 00
00 ................
008dfea4 00 ff 8d 00 b4 00 00 00 - 1c ff 8d 00 00 00 00
00 ................
008dfeb4 5b 12 f7 77 60 55 fb 77 - 61 12 f7 77 30 ff 8d
00 [..w`U.wa..w0...
008dfec4 4e 00 00 00 00 ba 3c dc - ff ff ff ff 00 00 00
00 N.....<.........
008dfed4 c8 fe 8d 00 34 ff 8d 00 - 66 ab e7 77 01 00 00
00 ....4...f..w....
008dfee4 00 ff 8d 00 00 00 00 00 - 60 ea 00 00 00 00 00
00 ........`.......
008dfef4 00 00 00 00 00 00 00 00 - d6 59 e7 77 b4 00 00
00 .........Y.w....
008dff04 00 10 0b 11 ff ff ff ff - 30 ff 8d 00 b9 5e 96
70 ........0....^.p
008dff14 10 53 08 00 0c 53 08 00 - f1 7f e7 77 f8 00 41
01 .S...S.....w..A.
008dff24 00 00 00 00 00 00 00 00 - 44 a0 fd 7f b4 00 00
00 ........D.......
008dff34 50 ff 8d 00 ba aa e7 77 - 00 00 00 00 00 00 00
00 P......w........
008dff44 60 ea 00 00 ff 00 00 00 - 00 00 00 00 b8 ff 8d
00 `...............
008dff54 c9 2f 98 70 00 00 00 00 - 00 00 00 00 00 00 00
00 ./.p............
008dff64 60 ea 00 00 ff 00 00 00 - f8 00 41 01 4e 00 00
00 `.........A.N...
008dff74 98 00 00 00 e0 ae b0 f0 - 04 af b0 f0 f0 ad b0
f0 ................
008dff84 01 9d 90 80 c1 50 14 80 - ff ff ff ff 46 02 00
00 .....P......F...
008dff94 00 00 00 00 02 05 00 00 - a0 8b 08 00 50 dc 08
00 ............P...
008dffa4 9d e4 3c 05 e7 03 00 00 - 33 00 00 00 30 05 00
00 ..<.....3...0...
008dffb4 00 00 00 00 ec ff 8d 00 - e8 4e f0 77 30 05 00
00 .........N.w0...

Etat de vidage Thread Id 0x318

eaxcdf530 ebxa2fe60 ecx01f530 edx000000
esifdf000 edi000001
eipwf7828b espa2fe3c ebpa2fe90 iopl=0 nv
up ei pl nz ac pe cy
cs1b ss23 ds23 es23 fs38
gs00 efl000213

fonction : NtWaitForMultipleObjects
77f78280 b8c4000000 mov eax,0xc4
77f78285 8d542404 lea edx,
[esp+0x4] ss:3c69e843=????????
77f78289 cd2e int 2e
77f7828b c21400 ret 0x14
77f7828e 8bc0 mov eax,eax

*----> Parcours arrière de la pile <----*

FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
00a2fe90 77e7ab66 00000002 00a2feb8 00000000 0000ea60
ntdll!NtWaitForMultipleObjects
00a2feec 77e7aaba 00000001 00a2ff40 0000ea60 000000ff
user32!MsgWaitForMultipleObjectsEx
00a2ff08 70762d0c 00000001 00a2ff40 00000000 0000ea60
user32!MsgWaitForMultipleObjects
00a2ff88 70bd71f7 0008d9e8 00000000 00000400 70762bde
SHDOCVW!URLQualifyW
00a2ffb8 77f04ee8 0006fc1c 00000000 00000400 0006fc1c
SHLWAPI!Ordinal16
00a2ffec 00000000 00000000 00000000 00000000 00000000
kernel32!lstrcmpiW
00000000 00000000 00000000 00000000 00000000 00000000
EXPLORER!<nosymbols>

Etat de vidage Thread Id 0x53e

eax096eb0 ebxadfe04 ecx09df58 edx000000
esifdf000 edi000001
eipwf7828b espadfde0 ebpadfe34 iopl=0 nv
up ei pl nz ac pe cy
cs1b ss23 ds23 es23 fs38
gs00 efl000213

fonction : NtWaitForMultipleObjects
77f78280 b8c4000000 mov eax,0xc4
77f78285 8d542404 lea edx,
[esp+0x4] ss:3c74e7e7=????????
77f78289 cd2e int 2e
77f7828b c21400 ret 0x14
77f7828e 8bc0 mov eax,eax

*----> Parcours arrière de la pile <----*

FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
00adfe34 77f1cd92 00000002 00adff88 00000000 000dbba0
ntdll!NtWaitForMultipleObjects
00adfe50 6300f7c6 00000002 00adff88 00000000 000dbba0
kernel32!WaitForMultipleObjects
00adffb8 77f04ee8 00000000 00000068 0087f120 00000000
wininet!FindCloseUrlCache
00adffec 00000000 6300f71e 00000000 00000000 000000b0
kernel32!lstrcmpiW
00000000 00000000 00000000 00000000 00000000 00000000
EXPLORER!<nosymbols>

*----> Vidage brut de la pile <----*
00adfde0 85 ce f1 77 02 00 00 00 - 04 fe ad 00 01 00 00
00 ...w............
00adfdf0 00 00 00 00 24 fe ad 00 - 68 00 00 00 38 fb 03
63 ....$...h...8..c
00adfe00 00 00 00 00 bc 00 00 00 - d8 00 00 00 00 00 00
00 ................
00adfe10 08 04 07 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
00adfe20 04 00 00 00 00 e6 8e e7 - fd ff ff ff 00 00 00
00 ................
00adfe30 24 fe ad 00 50 fe ad 00 - 92 cd f1 77 02 00 00
00 $...P......w....
00adfe40 88 ff ad 00 00 00 00 00 - a0 bb 0d 00 00 00 00
00 ................
00adfe50 b8 ff ad 00 c6 f7 00 63 - 02 00 00 00 88 ff ad
00 .......c........
00adfe60 00 00 00 00 a0 bb 0d 00 - 68 00 00 00 20 f1 87
00 ........h... ...
00adfe70 00 00 00 00 01 00 00 00 - 02 00 00 00 98 fe ad
00 ................
00adfe80 24 c2 00 63 00 00 00 63 - 02 00 00 00 00 00 00
00 $..c...c........
00adfe90 c8 80 07 00 00 f0 fd 7f - c0 80 07 00 31 cf f7
77 ............1..w
00adfea0 84 00 00 00 00 00 00 00 - 00 f0 fd 7f ed 75 f7
77 .............u.w
00adfeb0 60 55 fb 77 5b 12 f7 77 - 60 55 fb 77 61 12 f7
77 `U.w[..w`U.wa..w
00adfec0 30 ff ad 00 20 f1 87 00 - 00 00 00 00 00 00 00
00 0... ...........
00adfed0 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
00adfee0 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
00adfef0 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
00adff00 00 00 00 00 c0 fe ad 00 - 00 00 00 00 ff ff ff
ff ................
00adff10 a4 1f fa 77 e8 d0 fa 77 - ff ff ff ff 00 00 00
00 ...w...w........

Etat de vidage Thread Id 0x172

eax00001c ebxb4ff3c ecxb4ff6c edx000000
esifdf000 edi000001
eipwf7828b espb4ff18 ebpb4ff6c iopl=0 nv
up ei pl nz ac pe cy
cs1b ss23 ds23 es23 fs38
gs00 efl000213

fonction : NtWaitForMultipleObjects
77f78280 b8c4000000 mov eax,0xc4
77f78285 8d542404 lea edx,
[esp+0x4] ss:3c7be91f=????????
77f78289 cd2e int 2e
77f7828b c21400 ret 0x14
77f7828e 8bc0 mov eax,eax

*----> Parcours arrière de la pile <----*

FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
00b4ff6c 77f1cd92 00000003 00b4ffac 00000000 ffffffff
ntdll!NtWaitForMultipleObjects
00b4ff88 70302215 00000003 00b4ffac 00000000 ffffffff
kernel32!WaitForMultipleObjects
00b4ffb8 77f04ee8 00000000 0087fb68 00f9882f 00000000
WEBCHECK!DllGetClassObject
00b4ffec 00000000 7030218d 00000000 00000000 00000000
kernel32!lstrcmpiW
00000000 00000000 00000000 00000000 00000000 00000000
EXPLORER!<nosymbols>

*----> Vidage brut de la pile <----*
00b4ff18 85 ce f1 77 03 00 00 00 - 3c ff b4 00 01 00 00
00 ...w....<.......
00b4ff28 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 10
00 ................
00b4ff38 01 00 00 00 38 01 00 00 - 04 01 00 00 24 01 00
00 ....8.......$...
00b4ff48 58 ff b4 00 80 00 00 00 - 00 00 00 00 00 00 00
00 X...............
00b4ff58 1e 00 20 00 00 7c fd 7f - 04 01 00 00 00 00 00
00 .. ..|..........
00b4ff68 00 00 00 00 88 ff b4 00 - 92 cd f1 77 03 00 00
00 ...........w....
00b4ff78 ac ff b4 00 00 00 00 00 - ff ff ff ff 00 00 00
00 ................
00b4ff88 b8 ff b4 00 15 22 30 70 - 03 00 00 00 ac ff b4
00 ....."0p........
00b4ff98 00 00 00 00 ff ff ff ff - 68 fb 87 00 2f 88 f9
00 ........h.../...
00b4ffa8 00 00 00 00 38 01 00 00 - 04 01 00 00 24 01 00
00 ....8.......$...
00b4ffb8 ec ff b4 00 e8 4e f0 77 - 00 00 00 00 68 fb 87
00 .....N.w....h...
00b4ffc8 2f 88 f9 00 00 00 00 00 - 2f 88 f9 00 c4 ff b4
00 /......./.......
00b4ffd8 b6 bd f7 77 ff ff ff ff - 44 b7 f3 77 38 d2 f3
77 ...w....D..w8..w
00b4ffe8 00 00 00 00 00 00 00 00 - 00 00 00 00 8d 21 30
70 .............!0p
00b4fff8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
00b50008 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
00b50018 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
00b50028 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
00b50038 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
00b50048 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................

Etat de vidage Thread Id 0x579

eax000000 ebx0985d8 ecx098ad8 edxd8d36c
esi098adc edi098ad8
eipp73a2d9 espd8c310 ebpd8d940 iopl=0 nv
up ei pl nz ac pe cy
cs1b ss23 ds23 es23 fs38
gs00 efl000213

fonction : Ordinal104
7073a2b5 83f8ff cmp eax,0xff
7073a2b8 7409 jz
Ordinal104+0x38f6 (7073a2c3)
7073a2ba 3b45fc cmp eax,[ebp-
0x4] ss:3c9fc346=????????
7073a2bd 0f8f87000000 jnle
Ordinal104+0x397d (7073a34a)
7073a2c3 837dfcff cmp dword ptr [ebp-
0x4],0xff ss:3c9fc346=????????
7073a2c7 0f8485000000 je
Ordinal104+0x3985 (7073a352)
7073a2cd 8b07 mov eax,
[edi] ds:00098ad8000000
7073a2cf 8d952cfaffff lea edx,
[ebp+0xfffffa2c] ss:00d8d36c0005b4
7073a2d5 52 push edx
7073a2d6 ff75fc push dword ptr [ebp-
0x4] ss:3c9fc346=????????
FAUTE ->7073a2d9 8b08 mov ecx,
[eax] ds:00000000=????????
7073a2db 50 push eax
7073a2dc ff510c call dword ptr
[ecx+0xc] ds:3bd074de=????????
7073a2df 8b45fc mov eax,[ebp-
0x4] ss:3c9fc346=????????
7073a2e2 8b348550c78170 mov esi,
[7081c750+eax*4] ds:00000000=????????
7073a2e9 33ff xor edi,edi
7073a2eb 397df4 cmp [ebp-
0xc],edi ss:3c9fc346=????????
7073a2ee 0f8583910400 jne
DllCanUnloadNow+0xa31b (70783477)
7073a2f4 8b03 mov eax,
[ebx] ds:000985d8p76f770
7073a2f6 8d8d30faffff lea ecx,
[ebp+0xfffffa30] ss:00d8d370000000
7073a2fc 57 push edi
7073a2fd 51 push ecx

*----> Parcours arrière de la pile <----*

FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
00d8d940 70732a76 ffffffff 709700e9 000985e4 00000000
SHDOCVW!Ordinal104
00d8d96c 7077a898 000985e4 709700e8 00000027 00000000
SHDOCVW!Ordinal145
00d8d998 7097057d 000985e4 709700e8 00000027 00000000
SHDOCVW!DllCanUnloadNow
00d8d9d8 70970177 000985e4 000985d8 00000001 00000000
SHELL32!Ordinal186
00d8d9f0 70746385 000a2d98 00000001 00000000 000985d8
SHELL32!Ordinal163
00d8da08 70748582 00000001 00000001 000985d8 00000000
SHDOCVW!Ordinal161
00d8e250 707495a4 000985d8 000985d8 00d8e2a0 7073c343
SHDOCVW!Ordinal161
00d8e26c 707723a6 000985d8 707423a2 000985d8 000985dc
SHDOCVW!Ordinal161
00d8e2a0 70741ec6 016f00be 00095c48 00000000 00000000
SHDOCVW!Ordinal119
00d8e2c4 70741626 00095c48 00000000 00000000 00000000
SHDOCVW!Ordinal104
00d8e2ec 70741f6e 00095c48 00000000 00000000 000969f0
SHDOCVW!Ordinal104
00d8eb30 7075cdb8 00095c48 00000000 00000000 00d8fd30
SHDOCVW!Ordinal104
00d8fbb4 7077013a 00095c48 00000001 000985d8 70735103
SHDOCVW!DllGetClassObject
00d8fc34 707321a8 00430144 00000001 00000000 00d8fd30
SHDOCVW!Ordinal119
00d8fc6c 7077a3ef 00430144 00000001 00000000 00d8fd30
SHDOCVW!Ordinal145
00d8fc88 707320a2 00430144 00000001 00000000 00d8fd30
SHDOCVW!DllCanUnloadNow
00d8fcac 77e719d0 000985d8 00000001 00000000 00d8fd30
SHDOCVW!Ordinal145
00d8fcc4 77e76143 00446430 00000001 00000000 00d8fd30
user32!OffsetRect
00d8fcf8 77f863a3 00d8fd08 00000074 00000074 00000010
user32!GetSystemMenu
00d8fe2c 77e76362 80000100 7075c5a0 00000000 02cf0000
ntdll!KiUserCallbackDispatcher
00d8fe6c 7075c2bd 00000100 7075c5a0 00000000 02cf0000
user32!CreateWindowExA
00d8ff2c 7075c1dd 7075c5a0 00780065 006c0070 000969f0
SHDOCVW!DllGetClassObject
00d8ffb8 77f04ee8 000969f0 00780065 006c0070 000969f0
SHDOCVW!DllGetClassObject
00d8ffec 00000000 7075c1a1 000969f0 00000000 00000000
kernel32!lstrcmpiW
00000000 00000000 00000000 00000000 00000000 00000000
EXPLORER!<nosymbols>

*----> Vidage brut de la pile <----*
00d8c310 00 00 00 00 6c d3 d8 00 - f8 00 97 70 e0 30 73
70 ....l......p.0sp
00d8c320 e4 85 09 00 a4 1f fa 77 - 40 d8 fa 77 ff ff ff
ff
00d8c330 f4 c3 d8 00 0e 47 f7 77 - 90 08 07 00 6f 00 00
00 .....G.w....o...
00d8c340 10 9c 09 00 0e 00 07 80 - 00 00 00 00 18 79 09
00 .............y..
00d8c350 2c 79 09 00 00 00 00 00 - ff ff ff ff 20 c4 d8
00 ,y.......... ...
00d8c360 0e 47 f8 c4 d8 00 07 00 - 1c 00 fb 7f 6a 9c 09
00 .G..........j...
00d8c370 f0 c4 d8 00 c4 c4 d8 00 - e5 85 96 70 85 79 09
00 ...........p.y..
00d8c380 f0 c4 d8 00 00 00 00 00 - c5 85 96 70 45 79 09
00 ...........pEy..
00d8c390 f0 c4 d8 00 01 00 00 00 - f0 c4 d8 00 b4 84 96
70 ...............p
00d8c3a0 2c 79 09 00 f0 c4 d8 00 - 00 00 00 00 2e d2 d8
00 ,y..............
00d8c3b0 00 00 00 00 1c d2 d8 00 - 00 00 07 00 00 00 00
00 ................
00d8c3c0 b0 c3 d8 00 5c 00 57 00 - a8 ff d8 00 44 00 69
00 .....W.....D.i.
00d8c3d0 72 00 65 00 63 00 74 00 - 6f 00 72 00 79 00 00
00 r.e.c.t.o.r.y...
00d8c3e0 48 05 07 00 1a 00 00 00 - 78 00 00 00 00 00 00
00 H.......x.......
00d8c3f0 08 34 0a 00 18 c4 d8 00 - 8d 11 b2 77 01 00 00
00 .4.........w....
00d8c400 00 00 00 00 08 8c 09 00 - 3c 33 09 00 28 33 09
00 ........<3..(3..
00d8c410 65 4a 96 70 28 33 09 00 - 64 cd d8 00 00 00 00
00 eJ.p(3..d.......
00d8c420 6c 69 09 00 3c c9 d8 00 - 28 33 09 00 07 48 96
70 li..<...(3...H.p
00d8c430 28 33 09 00 00 00 00 00 - 6a 9c 09 00 00 00 00
00 (3......j.......
00d8c440 4d 40 96 70 00 00 00 00 - 10 9c 09 00 60 3c 96
70 `<.p

Bonjour,
C'est une violation d'accès d'explorer.exe. Pour simplifier, il tente
d'accéder à un emplacement mémoire ou il ne devrait pas.
Il vaut mieux commencer par mettre à jour le serveur en SP6A+SRP (ne
serait-ce que déjà pour des problèmes de sécurité). Ensuite, il faut voir si
celà continue.
Cordialement,

"Adriana" <anonymous@discussions.microsoft.com> a écrit dans le message de
news:1a3a901c41d6f$9e732c60$a101280a@phx.gbl...

Une exception d'application s'est produite :
App : EXPLORER.dbg (pidI4)
Quand : 4/8/2004 @ 15:30:10.453
Numéro d'exception : 006d007f
()

*----> Informations système <----*
Nom ordinateur : SRV_SYBASE
Nom utilisateur : wlk
Nombre de processeurs : 2
Type de processeur : x86 Family 6 Model 8 Stepping
6
Version Windows : 4.0
Numéro actuel : 1381
Service Pack : 5
Type actuel : Multiprocessor Free
Organisation enregistrée : mpf
Propriétaire enregistré : srv_sybase

*----> Liste des tâches <----*
0 Idle.exe
2 System.exe
28 SMSS.exe
42 CSRSS.exe
32 WINLOGON.exe
48 SERVICES.exe
51 LSASS.exe
75 SPOOLSS.exe
93 ASDscSvc.exe
82 Ntagent.exe
97 defwatch.exe
104 llssrv.exe
107 rtvscan.exe
125 RPCSS.exe
128 r_server.exe
136 ATSVC.exe
141 bcksrvr.exe
147 histsrvr.exe
151 sqlsrvr.exe
208 afaagent.exe
215 PSTORES.exe
130 LOCATOR.exe
67 NDDEAGNT.exe
264 PROMon.exe
271 vptray.exe
494 explorer.exe
618 DRWTSN32.exe
0 _Total.exe

(00400000 - 0042e000) EXPLORER.dbg
(77f70000 - 77fd0000) dllntdll.dbg
(77dc0000 - 77dff000) dlladvapi32.dbg
(77f00000 - 77f61000) dllkernel32.dbg
(77e70000 - 77ec4000) dlluser32.dbg
(77ed0000 - 77efc000) dllgdi32.dbg
(77e10000 - 77e67000) dllrpcrt4.dbg
(70bd0000 - 70c14000) SHLWAPI.dbg
(71700000 - 7178a000) COMCTL32.dbg
(70960000 - 70b0c000) SHELL32.dbg
(70730000 - 70947000) SHDOCVW.dbg
(77b20000 - 77bd6000) dllole32.dbg
(77bf0000 - 77bf7000) dllrpcltc1.dbg
(70300000 - 70359000) WEBCHECK.dbg
(77780000 - 77786000) dllmsidle.dbg
(1a400000 - 1a430000) urlmon.dbg
(63000000 - 6304d000) wininet.dbg
(77a40000 - 77a4d000) dllntshrui.dbg
(78000000 - 78040000)
(72240000 - 7227a000) dllnetapi32.dbg
(77830000 - 77839000) dllNetRap.dbg
(72280000 - 7228d000) dllsamlib.dbg

Etat de vidage Thread Id 0x193

eax000001 ebx000001 ecx087d70 edxÿffffff
esi087d70 edi000000
eipp74e70e esp06fc98 ebp06fcb4 iopl=0 nv
up ei pl zr na po nc
cs1b ss23 ds23 es23 fs38
gs00 efl010246

fonction : DllGetClassObject
7074e6ef 7d5c jge
DllGetClassObject+0x1ac (7074e74d)
7074e6f1 54 push esp
7074e6f2 7970 jns
DllGetClassObject+0x1c3 (7074e764)
7074e6f4 656c insb
7074e6f6 696200e83d90fe imul esp,
[edx],0xfe903de8 ds:3bc6ea05=????????
7074e6fd ff6a01 jmp fword ptr
[edx+0x1] ds:3bc6ea05=????????????
7074e700 58 pop eax
7074e701 c20400 ret 0x4
7074e704 836c240430 sub dword ptr
[esp+0x4],0x30 ss:3bcde69f=????????
7074e709 e97c81feff jmp
Ordinal159+0x2083 (7073688a)
7074e70e 55 push ebp
7074e70f 8bec mov ebp,esp
7074e711 83ec1c sub esp,0x1c
7074e714 56 push esi
7074e715 6a01 push 0x1
7074e717 6a00 push 0x0
7074e719 6a00 push 0x0
7074e71b 8d45e4 lea eax,[ebp-
0x1c] ss:3bcde6ba=????????
7074e71e 6a00 push 0x0
7074e720 8bf1 mov esi,ecx
7074e722 50 push eax
7074e723
ff1548187370
ds:70731848we71ade
call dword ptr
[Ordinal145+0x1848 (70731848)]

*----> Parcours arrière de la pile <----*

FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0006fc94 70774f29 00000000 00087d70 00000001 77f1ced8
SHDOCVW!DllGetClassObject
0006fcb4 7077497a 00000000 00000000 00408215 00087d70
SHDOCVW!Ordinal120
0006ff60 00404849 00400000 00000000 0002062c 00000005
SHDOCVW!Ordinal120
0006ffc0 77f1ba06 00000000 00000000 7ffdf000 7ffdf000
EXPLORER!<nosymbols>
0006fff0 00000000 004047d0 00000000 000000b0 00000100
kernel32!GetProcessPriorityBoost
00000000 00000000 00000000 00000000 00000000 00000000
EXPLORER!<nosymbols>

*----> Vidage brut de la pile <----*
0006fc98 29 4f 77 70 00 00 00 00 - 70 7d 08 00 01 00 00
00 )Owp....p}......
0006fca8 d8 ce f1 77 70 7d 08 00 - 70 7d 08 00 60 ff 06
00 ...wp}..p}..`...
0006fcb8 7a 49 77 70 00 00 00 00 - 00 00 00 00 15 82 40
00 zIwp..........@.
0006fcc8 70 7d 08 00 06 4b 40 00 - 70 7d 08 00 00 00 00
00 p}...K@.p}......
0006fcd8 2c 06 02 00 00 f0 fd 7f - b8 00 00 00 88 fe 06
00 ,...............
0006fce8 14 fd 06 00 88 fe 06 00 - 18 00 fd 7f e8 fd 06
00 ................
0006fcf8 a8 f5 f8 77 e8 fd 06 00 - fa 05 02 00 18 00 00
00 ...w............
0006fd08 a0 fe 06 00 00 e0 fd 7f - 00 00 00 00 69 a0 f7
77 ............i..w
0006fd18 9c fe 06 00 00 00 00 80 - 70 fe 06 00 00 e0 fd
7f ........p.......
0006fd28 00 f0 fd 7f 00 00 00 00 - 5c 00 52 00 65 00 67
00 .........R.e.g.
0006fd38 69 00 73 00 74 00 72 00 - 79 00 5c 00 4d 00 61
00 i.s.t.r.y..M.a.
0006fd48 63 00 68 00 69 00 6e 00 - 65 00 5c 00 53 00 6f
00 c.h.i.n.e..S.o.
0006fd58 66 00 74 00 77 00 61 00 - 72 00 65 00 5c 00 4d
00 f.t.w.a.r.e..M.
0006fd68 69 00 63 00 72 00 6f 00 - 73 00 6f 00 66 00 74
00 i.c.r.o.s.o.f.t.
0006fd78 5c 00 57 00 69 00 6e 00 - 64 00 6f 00 77 00 73
00 .W.i.n.d.o.w.s.
0006fd88 20 00 4e 00 54 00 5c 00 - 43 00 75 00 72 00 72
00 .N.T..C.u.r.r.
0006fd98 65 00 6e 00 74 00 56 00 - 52 03 01 00 3f 00 3f
00 e.n.t.V.R...?.?.
0006fda8 3f 00 3f 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ?.?.............
0006fdb8 00 00 46 00 1c 10 fc 7f - 22 14 fc 7f 1e 14 fc
7f ..F.....".......
0006fdc8 00 00 00 00 e4 04 01 00 - 3f 00 3f 00 3f 00 3f
00 ........?.?.?.?.

Etat de vidage Thread Id 0x284

eax7ffebc ebx000000 ecx000001 edxÿffffff
esiwe759d6 edi000003
eipp965526 esp7ffe7c ebp000284 iopl=0 nv
up ei pl zr na po nc
cs1b ss23 ds23 es23 fs38
gs00 efl010246

fonction : Ordinal21
70965509 00ff add bh,bh
7096550b 7424 jz Ordinal21+0x435
(70965531)
7096550d 108b442408ff adc
[ebx+0xff082444],cl ds:ff082444=??
70965513 7424 jz Ordinal21+0x43d
(70965539)
70965515 108b4008ff74 adc
[ebx+0x74ff0840],cl ds:74ff0840=??
7096551b 2410 and al,0x10
7096551d 8b08 mov ecx,
[eax] ds:007ffebc0000b4
7096551f 50 push eax
70965520 ff511c call dword ptr
[ecx+0x1c] ds:3bc6ea07=????????
70965523 c21000 ret 0x10
70965526 55 push ebp
70965527 8bec mov ebp,esp
70965529 81ec10020000 sub esp,0x210
7096552f 57 push edi
70965530 33ff xor edi,edi
70965532 393d6c61a070 cmp
[70a0616c],edi ds:70a0616c0873d8
70965538 897dfc mov [ebp-
0x4],edi ss:3bc6ec8a=????????
7096553b 7451 jz Ordinal21+0x492
(7096558e)
7096553d e89cdeffff call Ordinal128+0x33f
(709633de)
70965542 a16c61a070 mov eax,
[70a0616c] ds:70a0616c0873d8
70965547 8b00 mov eax,
[eax] ds:007ffebc0000b4
70965549 3bc7 cmp eax,edi

*----> Parcours arrière de la pile <----*

FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
007ffe78 7097705a 007ffebc 77f9e4f1 00070000 007fffec
SHELL32!Ordinal21
00000284 00000000 00000000 00000000 00000000 00000000
SHELL32!SHGetDesktopFolder

Etat de vidage Thread Id 0x211

eax08c090 ebx000000 ecx08c090 edx000000
esi083508 edi083530
eipwf77f67 esp83fdf0 ebp83ff90 iopl=0 nv
up ei pl nz na po nc
cs1b ss23 ds23 es23 fs38
gs00 efl000206

fonction : ZwReplyWaitReceivePort
77f77f5c b890000000 mov eax,0x90
77f77f61 8d542404 lea edx,
[esp+0x4] ss:3c4ae7f7=????????
77f77f65 cd2e int 2e
77f77f67 c21000 ret 0x10
77f77f6a 8bc0 mov eax,eax

*----> Parcours arrière de la pile <----*

FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0083ff90 77e15fa2 77e16821 00083508 0083ffec 0006f952
ntdll!ZwReplyWaitReceivePort
00003a98 00000000 00000000 00000000 00000000 00000000
rpcrt4!NdrVaryingArrayFree

Etat de vidage Thread Id 0x132

eax87fe54 ebx000000 ecxÿffffff edx87fef8
esi87fe6c edi400000
eipwf1d493 esp87fe50 ebp87fea4 iopl=0 nv
up ei pl zr na po nc
cs1b ss23 ds23 es23 fs38
gs00 efl000246

fonction : RaiseException
77f1d476 83c604 add esi,0x4
77f1d479 8bc1 mov eax,ecx
77f1d47b 49 dec ecx
77f1d47c 85c0 test eax,eax
77f1d47e 75ef jnz
RaiseException+0x46 (77f1d46f)
77f1d480 eb07 jmp
RaiseException+0x60 (77f1d489)
77f1d482 c745c000000000 mov dword ptr [ebp-
0x40],0x0 ss:3c4ee8aa=????????
77f1d489 8d45b0 lea eax,[ebp-
0x50] ss:3c4ee8aa=????????
77f1d48c 50 push eax
77f1d48d
ff15b4c3f377
ds:77f3c3b4wf98f6c
call dword ptr
[GetDateFormatW+0x4d9f (77f3c3b4)]
FAUTE ->77f1d493 5e pop esi
77f1d494 8be5 mov esp,ebp
77f1d496 5d pop ebp
77f1d497 c21000 ret 0x10

*----> Parcours arrière de la pile <----*

FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0087fea4 70302799 006d007f 00000000 00000001 0087fef4
kernel32!RaiseException
0087feec 70324bfa 0087fec8 7032a664 ffffffff 00000601
WEBCHECK!DllGetClassObject
00000001 00000000 00000000 00000000 00000000 00000000
WEBCHECK!<nosymbols>

*----> Vidage brut de la pile <----*
0087fe50 c0 76 32 70 7f 00 6d 00 - 00 00 00 00 00 00 00
00 .v2p..m.........
0087fe60 93 d4 f1 77 01 00 00 00 - c8 fe 87 00 84 fe 87
00 ...w............
0087fe70 00 00 40 1a 00 00 32 70 - 00 00 00 00 5c 8c f9
77 ..@...2p......w
0087fe80 39 01 00 c0 ac fe 87 00 - 75 17 f0 77 7f 00 00
00 9.......u..w....
0087fe90 00 00 32 70 17 40 f1 77 - 39 01 00 c0 c0 76 32
70 ..2p.@.w9....v2p
0087fea0 17 00 18 00 ec fe 87 00 - 99 27 30 70 7f 00 6d
00 .........'0p..m.
0087feb0 00 00 00 00 01 00 00 00 - f4 fe 87 00 d5 11 2d
05 ..............-.
0087fec0 00 00 00 00 01 00 00 00 - 24 00 00 00 c0 76 32
70 ........$....v2p
0087fed0 64 a6 32 70 e0 74 32 70 - 01 00 00 00 8c 7e 32
70 d.2p.t2p.....~2p
0087fee0 00 00 40 1a 00 00 00 00 - 7f 00 00 00 01 00 00
00 ..@.............
0087fef0 fa 4b 32 70 c8 fe 87 00 - 64 a6 32 70 ff ff ff
ff .K2p....d.2p....
0087ff00 01 06 00 00 c7 43 32 70 - 40 74 32 70 00 70 32
70 .....C2p@t2p.p2p
0087ff10 00 00 00 00 00 00 00 00 - 1c 12 78 77 01 00 00
00 ..........xw....
0087ff20 00 00 00 00 68 ff 87 00 - 84 ff 87 00 97 11 78
77 ....h.........xw
0087ff30 5c 18 e7 77 00 00 00 00 - 13 01 00 00 b0 77 00
00 ..w.........w..
0087ff40 c5 d8 2f 05 84 ff 87 00 - 00 00 00 00 a4 fc 06
00 ../.............
0087ff50 88 fc 06 00 d3 59 e7 77 - 68 ff 87 00 00 00 00
00 .....Y.wh.......
0087ff60 3f 7d 40 00 68 ff 87 00 - 00 00 00 00 13 01 00
00 ?}@.h...........
0087ff70 b0 77 00 00 97 11 78 77 - c5 d8 2f 05 e0 03 00
00 .w....xw../.....
0087ff80 09 00 00 00 b8 ff 87 00 - ea 7c 40 00 f7 71 bd
70 .........|@..q.p

Etat de vidage Thread Id 0x137

eax00008c ebx95fe04 ecx95fe24 edx000000
esifdf000 edi000001
eipwf7828b esp95fde0 ebp95fe34 iopl=0 nv
up ei pl nz ac pe cy
cs1b ss23 ds23 es23 fs38
gs00 efl000213

fonction : NtWaitForMultipleObjects
77f78280 b8c4000000 mov eax,0xc4
77f78285 8d542404 lea edx,
[esp+0x4] ss:3c5ce7e7=????????
77f78289 cd2e int 2e
77f7828b c21400 ret 0x14
77f7828e 8bc0 mov eax,eax

*----> Parcours arrière de la pile <----*

FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0095fe34 77f1cd92 00000002 0095ff88 00000000 000dbba0
ntdll!NtWaitForMultipleObjects
0095fe50 6300f7c6 00000002 0095ff88 00000000 000dbba0
kernel32!WaitForMultipleObjects
0095ffb8 77f04ee8 00000000 00000068 0087f120 00000000
wininet!FindCloseUrlCache
0095ffec 00000000 00000000 00000000 00000000 00000000
kernel32!lstrcmpiW
00000000 00000000 00000000 00000000 00000000 00000000
EXPLORER!<nosymbols>

Etat de vidage Thread Id 0x1ae

eax00001c ebx9eff3c ecx9eff6c edx000000
esifdf000 edi000001
eipwf7828b esp9eff18 ebp9eff6c iopl=0 nv
up ei pl nz ac pe cy
cs1b ss23 ds23 es23 fs38
gs00 efl000213

fonction : NtWaitForMultipleObjects
77f78280 b8c4000000 mov eax,0xc4
77f78285 8d542404 lea edx,
[esp+0x4] ss:3c65e91f=????????
77f78289 cd2e int 2e
77f7828b c21400 ret 0x14
77f7828e 8bc0 mov eax,eax

*----> Parcours arrière de la pile <----*

FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
009eff6c 77f1cd92 00000003 009effac 00000000 ffffffff
ntdll!NtWaitForMultipleObjects
009eff88 70302215 00000003 009effac 00000000 ffffffff
kernel32!WaitForMultipleObjects
009effb8 77f04ee8 00000000 0087fb68 00f9882f 00000000
WEBCHECK!DllGetClassObject
009effec 00000000 7030218d 00000000 00000000 00000000
kernel32!lstrcmpiW
00000000 00000000 00000000 00000000 00000000 00000000
EXPLORER!<nosymbols>

*----> Vidage brut de la pile <----*
009eff18 85 ce f1 77 03 00 00 00 - 3c ff 9e 00 01 00 00
00 ...w....<.......
009eff28 00 00 00 00 00 00 00 00 - 00 00 00 00 02 00 00
00 ................
009eff38 01 00 00 00 24 01 00 00 - 28 01 00 00 38 01 00
00 ....$...(...8...
009eff48 58 ff 9e 00 80 00 00 00 - 00 00 00 00 00 00 00
00 X...............
009eff58 1e 00 20 00 00 8c fd 7f - 28 01 00 00 00 00 00
00 .. .....(.......
009eff68 00 00 00 00 88 ff 9e 00 - 92 cd f1 77 03 00 00
00 ...........w....
009eff78 ac ff 9e 00 00 00 00 00 - ff ff ff ff 00 00 00
00 ................
009eff88 b8 ff 9e 00 15 22 30 70 - 03 00 00 00 ac ff 9e
00 ....."0p........
009eff98 00 00 00 00 ff ff ff ff - 68 fb 87 00 2f 88 f9
00 ........h.../...
009effa8 00 00 00 00 24 01 00 00 - 28 01 00 00 38 01 00
00 ....$...(...8...
009effb8 ec ff 9e 00 e8 4e f0 77 - 00 00 00 00 68 fb 87
00 .....N.w....h...
009effc8 2f 88 f9 00 00 00 00 00 - 2f 88 f9 00 c4 ff 9e
00 /......./.......
009effd8 b6 bd f7 77 ff ff ff ff - 44 b7 f3 77 38 d2 f3
77 ...w....D..w8..w
009effe8 00 00 00 00 00 00 00 00 - 00 00 00 00 8d 21 30
70 .............!0p
009efff8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
009f0008 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
009f0018 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
009f0028 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
009f0038 00 00 00 00 04 05 25 04 - 04 00 00 00 00 00 00
00 ......%.........
009f0048 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
05 ................

Etat de vidage Thread Id 0x573

eax000000 ebx000000 ecx0855c8 edx000000
esi083508 edi096798
eipwf77f67 espdcfdf0 ebpdcff90 iopl=0 nv
up ei pl nz na pe nc
cs1b ss23 ds23 es23 fs38
gs00 efl000202

fonction : ZwReplyWaitReceivePort
77f77f5c b890000000 mov eax,0x90
77f77f61 8d542404 lea edx,
[esp+0x4] ss:3ca3e7f7=????????
77f77f65 cd2e int 2e
77f77f67 c21000 ret 0x10
77f77f6a 8bc0 mov eax,eax

*----> Parcours arrière de la pile <----*

FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
00dcff90 77e15fa2 77e16821 00083508 00dcffec 00000000
ntdll!ZwReplyWaitReceivePort
00003a98 00000000 00000000 00000000 00000000 00000000
rpcrt4!NdrVaryingArrayFree

Une exception d'application s'est produite :
App : EXPLORER.dbg (pidP7)
Quand : 4/8/2004 @ 15:30:58.937
Numéro d'exception : c0000005 (violation d'accès)

*----> Informations système <----*
Nom ordinateur : SRV_SYBASE
Nom utilisateur : wlk
Nombre de processeurs : 2
Type de processeur : x86 Family 6 Model 8 Stepping
6
Version Windows : 4.0
Numéro actuel : 1381
Service Pack : 5
Type actuel : Multiprocessor Free
Organisation enregistrée : mpf
Propriétaire enregistré : srv_sybase

*----> Liste des tâches <----*
0 Idle.exe
2 System.exe
28 SMSS.exe
42 CSRSS.exe
32 WINLOGON.exe
48 SERVICES.exe
51 LSASS.exe
75 SPOOLSS.exe
93 ASDscSvc.exe
82 Ntagent.exe
97 defwatch.exe
104 llssrv.exe
107 rtvscan.exe
125 RPCSS.exe
128 r_server.exe
136 ATSVC.exe
141 bcksrvr.exe
147 histsrvr.exe
151 sqlsrvr.exe
208 afaagent.exe
215 PSTORES.exe
130 LOCATOR.exe
67 NDDEAGNT.exe
264 PROMon.exe
271 vptray.exe
507 explorer.exe
1375 DRWTSN32.exe
0 _Total.exe

(00400000 - 0042e000) EXPLORER.dbg
(77f70000 - 77fd0000) dllntdll.dbg
(77dc0000 - 77dff000) dlladvapi32.dbg
(77f00000 - 77f61000) dllkernel32.dbg
(77e70000 - 77ec4000) dlluser32.dbg
(77ed0000 - 77efc000) dllgdi32.dbg
(77e10000 - 77e67000) dllrpcrt4.dbg
(70bd0000 - 70c14000) SHLWAPI.dbg
(71700000 - 7178a000) COMCTL32.dbg
(70960000 - 70b0c000) SHELL32.dbg
(70730000 - 70947000) SHDOCVW.dbg
(77b20000 - 77bd6000) dllole32.dbg
(77bf0000 - 77bf7000) dllrpcltc1.dbg
(77a40000 - 77a4d000) dllntshrui.dbg
(78000000 - 78040000)
(72240000 - 7227a000) dllnetapi32.dbg
(77830000 - 77839000) dllNetRap.dbg
(72280000 - 7228d000) dllsamlib.dbg
(70300000 - 70359000) WEBCHECK.dbg
(77780000 - 77786000) dllmsidle.dbg
(1a400000 - 1a430000) urlmon.dbg
(63000000 - 6304d000) wininet.dbg

Etat de vidage Thread Id 0x17d

eax000000 ebx000001 ecx000401 edx000000
esi087f28 edi000000
eipwe72ada esp06fc98 ebp06fcb4 iopl=0 nv
up ei pl zr na po nc
cs1b ss23 ds23 es23 fs38
gs00 efl000246

fonction : WaitMessage
77e72acf b806120000 mov eax,0x1206
77e72ad4 8d542404 lea edx,
[esp+0x4] ss:3bcde69f=????????
77e72ad8 cd2e int 2e
77e72ada c3 ret

*----> Parcours arrière de la pile <----*

FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0006fcb4 7077497a 00000000 00000000 00408215 00087f28
user32!WaitMessage
0006ff60 00404849 000001fb 00000000 0002062c 00000005
SHDOCVW!Ordinal120
0006ffc0 77f1ba06 00000000 00000000 7ffdf000 7ffdf000
EXPLORER!<nosymbols>
0006fff0 00000000 004047d0 00000000 000000b0 00000100
kernel32!GetProcessPriorityBoost
00000000 00000000 00000000 00000000 00000000 00000000
EXPLORER!<nosymbols>

*----> Vidage brut de la pile <----*
0006fc98 21 4f 77 70 00 00 00 00 - 28 7f 08 00 01 00 00
00 !Owp....(.......
0006fca8 d8 ce f1 77 28 7f 08 00 - 28 7f 08 00 60 ff 06
00 ...w(...(...`...
0006fcb8 7a 49 77 70 00 00 00 00 - 00 00 00 00 15 82 40
00 zIwp..........@.
0006fcc8 28 7f 08 00 06 4b 40 00 - 28 7f 08 00 00 00 00
00 (....K@.(.......
0006fcd8 2c 06 02 00 00 f0 fd 7f - b8 00 00 00 88 fe 06
00 ,...............
0006fce8 14 fd 06 00 88 fe 06 00 - 18 00 fd 7f e8 fd 06
00 ................
0006fcf8 a8 f5 f8 77 e8 fd 06 00 - fa 05 02 00 18 00 00
00 ...w............
0006fd08 a0 fe 06 00 00 e0 fd 7f - 00 00 00 00 69 a0 f7
77 ............i..w
0006fd18 9c fe 06 00 00 00 00 80 - 70 fe 06 00 00 e0 fd
7f ........p.......
0006fd28 00 f0 fd 7f 00 00 00 00 - 5c 00 52 00 65 00 67
00 .........R.e.g.
0006fd38 69 00 73 00 74 00 72 00 - 79 00 5c 00 4d 00 61
00 i.s.t.r.y..M.a.
0006fd48 63 00 68 00 69 00 6e 00 - 65 00 5c 00 53 00 6f
00 c.h.i.n.e..S.o.
0006fd58 66 00 74 00 77 00 61 00 - 72 00 65 00 5c 00 4d
00 f.t.w.a.r.e..M.
0006fd68 69 00 63 00 72 00 6f 00 - 73 00 6f 00 66 00 74
00 i.c.r.o.s.o.f.t.
0006fd78 5c 00 57 00 69 00 6e 00 - 64 00 6f 00 77 00 73
00 .W.i.n.d.o.w.s.
0006fd88 20 00 4e 00 54 00 5c 00 - 43 00 75 00 72 00 72
00 .N.T..C.u.r.r.
0006fd98 65 00 6e 00 74 00 56 00 - 52 03 01 00 3f 00 3f
00 e.n.t.V.R...?.?.
0006fda8 3f 00 3f 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ?.?.............
0006fdb8 00 00 46 00 1c 10 fc 7f - 22 14 fc 7f 1e 14 fc
7f ..F.....".......
0006fdc8 00 00 00 00 e4 04 01 00 - 3f 00 3f 00 3f 00 3f
00 ........?.?.?.?.

Etat de vidage Thread Id 0x192

eax7ffea0 ebx7ffdc0 ecx000001 edx000000
esifdf000 edi000001
eipwf7828b esp7ffd9c ebp7ffdf0 iopl=0 nv
up ei pl nz ac pe cy
cs1b ss23 ds23 es23 fs38
gs00 efl000213

fonction : NtWaitForMultipleObjects
77f78280 b8c4000000 mov eax,0xc4
77f78285 8d542404 lea edx,
[esp+0x4] ss:3c46e7a3=????????
77f78289 cd2e int 2e
77f7828b c21400 ret 0x14
77f7828e 8bc0 mov eax,eax

*----> Parcours arrière de la pile <----*

FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
007ffdf0 77e7ab66 00000005 007ffe18 00000000 00088323
ntdll!NtWaitForMultipleObjects
007ffe4c 77e7aaba 00000004 007ffebc 00088323 000000ff
user32!MsgWaitForMultipleObjectsEx
007ffe68 70976ff7 00000004 007ffebc 00000000 00088323
user32!MsgWaitForMultipleObjects
00000192 00000000 00000000 00000000 00000000 00000000
SHELL32!SHGetDesktopFolder

Etat de vidage Thread Id 0x22b

eax000c18 ebx000000 ecx07f298 edx000000
esi083508 edi07d6f0
eipwf77f67 esp83fdf0 ebp83ff90 iopl=0 nv
up ei pl nz na po nc
cs1b ss23 ds23 es23 fs38
gs00 efl000206

fonction : ZwReplyWaitReceivePort
77f77f5c b890000000 mov eax,0x90
77f77f61 8d542404 lea edx,
[esp+0x4] ss:3c4ae7f7=????????
77f77f65 cd2e int 2e
77f77f67 c21000 ret 0x10
77f77f6a 8bc0 mov eax,eax

*----> Parcours arrière de la pile <----*

FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0083ff90 77e15fa2 77e16821 00083508 0083ffec 0006f952
ntdll!ZwReplyWaitReceivePort
00003a98 00000000 00000000 00000000 00000000 00000000
rpcrt4!NdrVaryingArrayFree

Etat de vidage Thread Id 0x119

eaxR00a704 ebx06fc88 ecx87ffdc edx000000
esi06fca4 edi000000
eipwe72ada esp87ff64 ebp87ff84 iopl=0 nv
up ei pl zr na po nc
cs1b ss23 ds23 es23 fs38
gs00 efl000246

fonction : WaitMessage
77e72acf b806120000 mov eax,0x1206
77e72ad4 8d542404 lea edx,
[esp+0x4] ss:3c4ee96b=????????
77e72ad8 cd2e int 2e
77e72ada c3 ret

*----> Parcours arrière de la pile <----*

FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0087ff84 00407cea 70bd71f7 00400000 00000003 00001000
user32!WaitMessage
0087ffb8 77f04ee8 0006fc88 00000003 00001000 0006fc88
EXPLORER!<nosymbols>
0087ffec 00000000 70bd71bd 0006fc88 00000000 00000000
kernel32!lstrcmpiW
00000000 00000000 00000000 00000000 00000000 00000000
EXPLORER!<nosymbols>

*----> Vidage brut de la pile <----*
0087ff64 87 7d 40 00 c6 00 64 02 - 0f 00 00 00 00 00 00
00 .}@...d.........
0087ff74 00 00 00 00 be 8d 3d 05 - 2c 00 00 00 76 02 00
00 ......=.,...v...
0087ff84 b8 ff 87 00 ea 7c 40 00 - f7 71 bd 70 00 00 40
00 .....|@..q.p..@.
0087ff94 03 00 00 00 00 10 00 00 - d8 7c 40 00 6d 56 40
00 .........|@.mV@.
0087ffa4 8c 00 00 00 00 00 40 00 - 00 00 00 00 00 00 00
00 ......@.........
0087ffb4 00 00 00 00 ec ff 87 00 - e8 4e f0 77 88 fc 06
00 .........N.w....
0087ffc4 03 00 00 00 00 10 00 00 - 88 fc 06 00 00 10 00
00 ................
0087ffd4 c4 ff 87 00 5c fb 06 00 - ff ff ff ff 44 b7 f3
77 ...........D..w
0087ffe4 38 d2 f3 77 00 00 00 00 - 00 00 00 00 00 00 00
00 8..w............
0087fff4 bd 71 bd 70 88 fc 06 00 - 00 00 00 00 00 00 00
00 .q.p............
00880004 9f 00 01 00 10 00 90 01 - 17 00 b0 01 ff ff ff
00 ................
00880014 ff ff ff 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
00880024 01 00 00 00 0d 02 01 01 - 00 00 00 00 00 00 00
00 ................
00880034 00 00 00 00 00 00 00 00 - 02 00 00 00 01 00 00
00 ................
00880044 01 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
00880054 01 00 00 00 00 00 00 00 - 00 00 00 00 07 00 8a
01 ................
00880064 00 00 00 40 06 00 00 00 - 00 00 00 00 00 00 00
00 ...@............
00880074 00 00 00 00 00 00 00 00 - 00 00 00 40 06 00 00
00 ...........@....
00880084 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
00880094 00 00 00 00 00 00 00 00 - 4b 00 00 00 00 00 00
40 ........K......@

Etat de vidage Thread Id 0x530

eaxp9743f0 ebx8dfea8 ecx000002 edx000000
esifdf000 edi000001
eipwf7828b esp8dfe84 ebp8dfed8 iopl=0 nv
up ei pl nz ac pe cy
cs1b ss23 ds23 es23 fs38
gs00 efl000213

fonction : NtWaitForMultipleObjects
77f78280 b8c4000000 mov eax,0xc4
77f78285 8d542404 lea edx,
[esp+0x4] ss:3c54e88b=????????
77f78289 cd2e int 2e
77f7828b c21400 ret 0x14
77f7828e 8bc0 mov eax,eax

*----> Parcours arrière de la pile <----*

FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
008dfed8 77e7ab66 00000001 008dff00 00000000 0000ea60
ntdll!NtWaitForMultipleObjects
008dff34 77e7aaba 00000000 00000000 0000ea60 000000ff
user32!MsgWaitForMultipleObjectsEx
008dff50 70982fc9 00000000 00000000 00000000 0000ea60
user32!MsgWaitForMultipleObjects
008dffb8 77f04ee8 00000530 014100f8 0000004e 00000098
SHELL32!Ordinal98
008dffec 00000000 70982ebc 00000098 00000000 000000b0
kernel32!lstrcmpiW
00000000 00000000 00000000 00000000 00000000 00000000
EXPLORER!<nosymbols>

*----> Vidage brut de la pile <----*
008dfe84 85 ce f1 77 01 00 00 00 - a8 fe 8d 00 01 00 00
00 ...w............
008dfe94 00 00 00 00 c8 fe 8d 00 - 00 00 00 00 00 00 00
00 ................
008dfea4 00 ff 8d 00 b4 00 00 00 - 1c ff 8d 00 00 00 00
00 ................
008dfeb4 5b 12 f7 77 60 55 fb 77 - 61 12 f7 77 30 ff 8d
00 [..w`U.wa..w0...
008dfec4 4e 00 00 00 00 ba 3c dc - ff ff ff ff 00 00 00
00 N.....<.........
008dfed4 c8 fe 8d 00 34 ff 8d 00 - 66 ab e7 77 01 00 00
00 ....4...f..w....
008dfee4 00 ff 8d 00 00 00 00 00 - 60 ea 00 00 00 00 00
00 ........`.......
008dfef4 00 00 00 00 00 00 00 00 - d6 59 e7 77 b4 00 00
00 .........Y.w....
008dff04 00 10 0b 11 ff ff ff ff - 30 ff 8d 00 b9 5e 96
70 ........0....^.p
008dff14 10 53 08 00 0c 53 08 00 - f1 7f e7 77 f8 00 41
01 .S...S.....w..A.
008dff24 00 00 00 00 00 00 00 00 - 44 a0 fd 7f b4 00 00
00 ........D.......
008dff34 50 ff 8d 00 ba aa e7 77 - 00 00 00 00 00 00 00
00 P......w........
008dff44 60 ea 00 00 ff 00 00 00 - 00 00 00 00 b8 ff 8d
00 `...............
008dff54 c9 2f 98 70 00 00 00 00 - 00 00 00 00 00 00 00
00 ./.p............
008dff64 60 ea 00 00 ff 00 00 00 - f8 00 41 01 4e 00 00
00 `.........A.N...
008dff74 98 00 00 00 e0 ae b0 f0 - 04 af b0 f0 f0 ad b0
f0 ................
008dff84 01 9d 90 80 c1 50 14 80 - ff ff ff ff 46 02 00
00 .....P......F...
008dff94 00 00 00 00 02 05 00 00 - a0 8b 08 00 50 dc 08
00 ............P...
008dffa4 9d e4 3c 05 e7 03 00 00 - 33 00 00 00 30 05 00
00 ..<.....3...0...
008dffb4 00 00 00 00 ec ff 8d 00 - e8 4e f0 77 30 05 00
00 .........N.w0...

Etat de vidage Thread Id 0x318

eaxcdf530 ebxa2fe60 ecx01f530 edx000000
esifdf000 edi000001
eipwf7828b espa2fe3c ebpa2fe90 iopl=0 nv
up ei pl nz ac pe cy
cs1b ss23 ds23 es23 fs38
gs00 efl000213

fonction : NtWaitForMultipleObjects
77f78280 b8c4000000 mov eax,0xc4
77f78285 8d542404 lea edx,
[esp+0x4] ss:3c69e843=????????
77f78289 cd2e int 2e
77f7828b c21400 ret 0x14
77f7828e 8bc0 mov eax,eax

*----> Parcours arrière de la pile <----*

FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
00a2fe90 77e7ab66 00000002 00a2feb8 00000000 0000ea60
ntdll!NtWaitForMultipleObjects
00a2feec 77e7aaba 00000001 00a2ff40 0000ea60 000000ff
user32!MsgWaitForMultipleObjectsEx
00a2ff08 70762d0c 00000001 00a2ff40 00000000 0000ea60
user32!MsgWaitForMultipleObjects
00a2ff88 70bd71f7 0008d9e8 00000000 00000400 70762bde
SHDOCVW!URLQualifyW
00a2ffb8 77f04ee8 0006fc1c 00000000 00000400 0006fc1c
SHLWAPI!Ordinal16
00a2ffec 00000000 00000000 00000000 00000000 00000000
kernel32!lstrcmpiW
00000000 00000000 00000000 00000000 00000000 00000000
EXPLORER!<nosymbols>

Etat de vidage Thread Id 0x53e

eax096eb0 ebxadfe04 ecx09df58 edx000000
esifdf000 edi000001
eipwf7828b espadfde0 ebpadfe34 iopl=0 nv
up ei pl nz ac pe cy
cs1b ss23 ds23 es23 fs38
gs00 efl000213

fonction : NtWaitForMultipleObjects
77f78280 b8c4000000 mov eax,0xc4
77f78285 8d542404 lea edx,
[esp+0x4] ss:3c74e7e7=????????
77f78289 cd2e int 2e
77f7828b c21400 ret 0x14
77f7828e 8bc0 mov eax,eax

*----> Parcours arrière de la pile <----*

FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
00adfe34 77f1cd92 00000002 00adff88 00000000 000dbba0
ntdll!NtWaitForMultipleObjects
00adfe50 6300f7c6 00000002 00adff88 00000000 000dbba0
kernel32!WaitForMultipleObjects
00adffb8 77f04ee8 00000000 00000068 0087f120 00000000
wininet!FindCloseUrlCache
00adffec 00000000 6300f71e 00000000 00000000 000000b0
kernel32!lstrcmpiW
00000000 00000000 00000000 00000000 00000000 00000000
EXPLORER!<nosymbols>

*----> Vidage brut de la pile <----*
00adfde0 85 ce f1 77 02 00 00 00 - 04 fe ad 00 01 00 00
00 ...w............
00adfdf0 00 00 00 00 24 fe ad 00 - 68 00 00 00 38 fb 03
63 ....$...h...8..c
00adfe00 00 00 00 00 bc 00 00 00 - d8 00 00 00 00 00 00
00 ................
00adfe10 08 04 07 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
00adfe20 04 00 00 00 00 e6 8e e7 - fd ff ff ff 00 00 00
00 ................
00adfe30 24 fe ad 00 50 fe ad 00 - 92 cd f1 77 02 00 00
00 $...P......w....
00adfe40 88 ff ad 00 00 00 00 00 - a0 bb 0d 00 00 00 00
00 ................
00adfe50 b8 ff ad 00 c6 f7 00 63 - 02 00 00 00 88 ff ad
00 .......c........
00adfe60 00 00 00 00 a0 bb 0d 00 - 68 00 00 00 20 f1 87
00 ........h... ...
00adfe70 00 00 00 00 01 00 00 00 - 02 00 00 00 98 fe ad
00 ................
00adfe80 24 c2 00 63 00 00 00 63 - 02 00 00 00 00 00 00
00 $..c...c........
00adfe90 c8 80 07 00 00 f0 fd 7f - c0 80 07 00 31 cf f7
77 ............1..w
00adfea0 84 00 00 00 00 00 00 00 - 00 f0 fd 7f ed 75 f7
77 .............u.w
00adfeb0 60 55 fb 77 5b 12 f7 77 - 60 55 fb 77 61 12 f7
77 `U.w[..w`U.wa..w
00adfec0 30 ff ad 00 20 f1 87 00 - 00 00 00 00 00 00 00
00 0... ...........
00adfed0 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
00adfee0 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
00adfef0 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
00adff00 00 00 00 00 c0 fe ad 00 - 00 00 00 00 ff ff ff
ff ................
00adff10 a4 1f fa 77 e8 d0 fa 77 - ff ff ff ff 00 00 00
00 ...w...w........

Etat de vidage Thread Id 0x172

eax00001c ebxb4ff3c ecxb4ff6c edx000000
esifdf000 edi000001
eipwf7828b espb4ff18 ebpb4ff6c iopl=0 nv
up ei pl nz ac pe cy
cs1b ss23 ds23 es23 fs38
gs00 efl000213

fonction : NtWaitForMultipleObjects
77f78280 b8c4000000 mov eax,0xc4
77f78285 8d542404 lea edx,
[esp+0x4] ss:3c7be91f=????????
77f78289 cd2e int 2e
77f7828b c21400 ret 0x14
77f7828e 8bc0 mov eax,eax

*----> Parcours arrière de la pile <----*

FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
00b4ff6c 77f1cd92 00000003 00b4ffac 00000000 ffffffff
ntdll!NtWaitForMultipleObjects
00b4ff88 70302215 00000003 00b4ffac 00000000 ffffffff
kernel32!WaitForMultipleObjects
00b4ffb8 77f04ee8 00000000 0087fb68 00f9882f 00000000
WEBCHECK!DllGetClassObject
00b4ffec 00000000 7030218d 00000000 00000000 00000000
kernel32!lstrcmpiW
00000000 00000000 00000000 00000000 00000000 00000000
EXPLORER!<nosymbols>

*----> Vidage brut de la pile <----*
00b4ff18 85 ce f1 77 03 00 00 00 - 3c ff b4 00 01 00 00
00 ...w....<.......
00b4ff28 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 10
00 ................
00b4ff38 01 00 00 00 38 01 00 00 - 04 01 00 00 24 01 00
00 ....8.......$...
00b4ff48 58 ff b4 00 80 00 00 00 - 00 00 00 00 00 00 00
00 X...............
00b4ff58 1e 00 20 00 00 7c fd 7f - 04 01 00 00 00 00 00
00 .. ..|..........
00b4ff68 00 00 00 00 88 ff b4 00 - 92 cd f1 77 03 00 00
00 ...........w....
00b4ff78 ac ff b4 00 00 00 00 00 - ff ff ff ff 00 00 00
00 ................
00b4ff88 b8 ff b4 00 15 22 30 70 - 03 00 00 00 ac ff b4
00 ....."0p........
00b4ff98 00 00 00 00 ff ff ff ff - 68 fb 87 00 2f 88 f9
00 ........h.../...
00b4ffa8 00 00 00 00 38 01 00 00 - 04 01 00 00 24 01 00
00 ....8.......$...
00b4ffb8 ec ff b4 00 e8 4e f0 77 - 00 00 00 00 68 fb 87
00 .....N.w....h...
00b4ffc8 2f 88 f9 00 00 00 00 00 - 2f 88 f9 00 c4 ff b4
00 /......./.......
00b4ffd8 b6 bd f7 77 ff ff ff ff - 44 b7 f3 77 38 d2 f3
77 ...w....D..w8..w
00b4ffe8 00 00 00 00 00 00 00 00 - 00 00 00 00 8d 21 30
70 .............!0p
00b4fff8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
00b50008 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
00b50018 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
00b50028 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
00b50038 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
00b50048 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................

Etat de vidage Thread Id 0x579

eax000000 ebx0985d8 ecx098ad8 edxd8d36c
esi098adc edi098ad8
eipp73a2d9 espd8c310 ebpd8d940 iopl=0 nv
up ei pl nz ac pe cy
cs1b ss23 ds23 es23 fs38
gs00 efl000213

fonction : Ordinal104
7073a2b5 83f8ff cmp eax,0xff
7073a2b8 7409 jz
Ordinal104+0x38f6 (7073a2c3)
7073a2ba 3b45fc cmp eax,[ebp-
0x4] ss:3c9fc346=????????
7073a2bd 0f8f87000000 jnle
Ordinal104+0x397d (7073a34a)
7073a2c3 837dfcff cmp dword ptr [ebp-
0x4],0xff ss:3c9fc346=????????
7073a2c7 0f8485000000 je
Ordinal104+0x3985 (7073a352)
7073a2cd 8b07 mov eax,
[edi] ds:00098ad8000000
7073a2cf 8d952cfaffff lea edx,
[ebp+0xfffffa2c] ss:00d8d36c0005b4
7073a2d5 52 push edx
7073a2d6 ff75fc push dword ptr [ebp-
0x4] ss:3c9fc346=????????
FAUTE ->7073a2d9 8b08 mov ecx,
[eax] ds:00000000=????????
7073a2db 50 push eax
7073a2dc ff510c call dword ptr
[ecx+0xc] ds:3bd074de=????????
7073a2df 8b45fc mov eax,[ebp-
0x4] ss:3c9fc346=????????
7073a2e2 8b348550c78170 mov esi,
[7081c750+eax*4] ds:00000000=????????
7073a2e9 33ff xor edi,edi
7073a2eb 397df4 cmp [ebp-
0xc],edi ss:3c9fc346=????????
7073a2ee 0f8583910400 jne
DllCanUnloadNow+0xa31b (70783477)
7073a2f4 8b03 mov eax,
[ebx] ds:000985d8p76f770
7073a2f6 8d8d30faffff lea ecx,
[ebp+0xfffffa30] ss:00d8d370000000
7073a2fc 57 push edi
7073a2fd 51 push ecx

*----> Parcours arrière de la pile <----*

FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
00d8d940 70732a76 ffffffff 709700e9 000985e4 00000000
SHDOCVW!Ordinal104
00d8d96c 7077a898 000985e4 709700e8 00000027 00000000
SHDOCVW!Ordinal145
00d8d998 7097057d 000985e4 709700e8 00000027 00000000
SHDOCVW!DllCanUnloadNow
00d8d9d8 70970177 000985e4 000985d8 00000001 00000000
SHELL32!Ordinal186
00d8d9f0 70746385 000a2d98 00000001 00000000 000985d8
SHELL32!Ordinal163
00d8da08 70748582 00000001 00000001 000985d8 00000000
SHDOCVW!Ordinal161
00d8e250 707495a4 000985d8 000985d8 00d8e2a0 7073c343
SHDOCVW!Ordinal161
00d8e26c 707723a6 000985d8 707423a2 000985d8 000985dc
SHDOCVW!Ordinal161
00d8e2a0 70741ec6 016f00be 00095c48 00000000 00000000
SHDOCVW!Ordinal119
00d8e2c4 70741626 00095c48 00000000 00000000 00000000
SHDOCVW!Ordinal104
00d8e2ec 70741f6e 00095c48 00000000 00000000 000969f0
SHDOCVW!Ordinal104
00d8eb30 7075cdb8 00095c48 00000000 00000000 00d8fd30
SHDOCVW!Ordinal104
00d8fbb4 7077013a 00095c48 00000001 000985d8 70735103
SHDOCVW!DllGetClassObject
00d8fc34 707321a8 00430144 00000001 00000000 00d8fd30
SHDOCVW!Ordinal119
00d8fc6c 7077a3ef 00430144 00000001 00000000 00d8fd30
SHDOCVW!Ordinal145
00d8fc88 707320a2 00430144 00000001 00000000 00d8fd30
SHDOCVW!DllCanUnloadNow
00d8fcac 77e719d0 000985d8 00000001 00000000 00d8fd30
SHDOCVW!Ordinal145
00d8fcc4 77e76143 00446430 00000001 00000000 00d8fd30
user32!OffsetRect
00d8fcf8 77f863a3 00d8fd08 00000074 00000074 00000010
user32!GetSystemMenu
00d8fe2c 77e76362 80000100 7075c5a0 00000000 02cf0000
ntdll!KiUserCallbackDispatcher
00d8fe6c 7075c2bd 00000100 7075c5a0 00000000 02cf0000
user32!CreateWindowExA
00d8ff2c 7075c1dd 7075c5a0 00780065 006c0070 000969f0
SHDOCVW!DllGetClassObject
00d8ffb8 77f04ee8 000969f0 00780065 006c0070 000969f0
SHDOCVW!DllGetClassObject
00d8ffec 00000000 7075c1a1 000969f0 00000000 00000000
kernel32!lstrcmpiW
00000000 00000000 00000000 00000000 00000000 00000000
EXPLORER!<nosymbols>

*----> Vidage brut de la pile <----*
00d8c310 00 00 00 00 6c d3 d8 00 - f8 00 97 70 e0 30 73
70 ....l......p.0sp
00d8c320 e4 85 09 00 a4 1f fa 77 - 40 d8 fa 77 ff ff ff
ff .......w@..w....
00d8c330 f4 c3 d8 00 0e 47 f7 77 - 90 08 07 00 6f 00 00
00 .....G.w....o...
00d8c340 10 9c 09 00 0e 00 07 80 - 00 00 00 00 18 79 09
00 .............y..
00d8c350 2c 79 09 00 00 00 00 00 - ff ff ff ff 20 c4 d8
00 ,y.......... ...
00d8c360 0e 47 f8 c4 d8 00 07 00 - 1c 00 fb 7f 6a 9c 09
00 .G..........j...
00d8c370 f0 c4 d8 00 c4 c4 d8 00 - e5 85 96 70 85 79 09
00 ...........p.y..
00d8c380 f0 c4 d8 00 00 00 00 00 - c5 85 96 70 45 79 09
00 ...........pEy..
00d8c390 f0 c4 d8 00 01 00 00 00 - f0 c4 d8 00 b4 84 96
70 ...............p
00d8c3a0 2c 79 09 00 f0 c4 d8 00 - 00 00 00 00 2e d2 d8
00 ,y..............
00d8c3b0 00 00 00 00 1c d2 d8 00 - 00 00 07 00 00 00 00
00 ................
00d8c3c0 b0 c3 d8 00 5c 00 57 00 - a8 ff d8 00 44 00 69
00 .....W.....D.i.
00d8c3d0 72 00 65 00 63 00 74 00 - 6f 00 72 00 79 00 00
00 r.e.c.t.o.r.y...
00d8c3e0 48 05 07 00 1a 00 00 00 - 78 00 00 00 00 00 00
00 H.......x.......
00d8c3f0 08 34 0a 00 18 c4 d8 00 - 8d 11 b2 77 01 00 00
00 .4.........w....
00d8c400 00 00 00 00 08 8c 09 00 - 3c 33 09 00 28 33 09
00 ........<3..(3..
00d8c410 65 4a 96 70 28 33 09 00 - 64 cd d8 00 00 00 00
00 eJ.p(3..d.......
00d8c420 6c 69 09 00 3c c9 d8 00 - 28 33 09 00 07 48 96
70 li..<...(3...H.p
00d8c430 28 33 09 00 00 00 00 00 - 6a 9c 09 00 00 00 00
00 (3......j.......
00d8c440 4d 40 96 70 00 00 00 00 - 10 9c 09 00 60 3c 96
70 M@.p........`<.p

Vous avez filtré cet utilisateur ! Consultez son message

Bonjour,
C'est une violation d'accès d'explorer.exe. Pour simplifier, il tente
d'accéder à un emplacement mémoire ou il ne devrait pas.
Il vaut mieux commencer par mettre à jour le serveur en SP6A+SRP (ne
serait-ce que déjà pour des problèmes de sécurité). Ensuite, il faut voir si
celà continue.
Cordialement,

"Adriana" a écrit dans le message de
news:1a3a901c41d6f$9e732c60$

Une exception d'application s'est produite :
App : EXPLORER.dbg (pidI4)
Quand : 4/8/2004 @ 15:30:10.453
Numéro d'exception : 006d007f
()

*----> Informations système <----*
Nom ordinateur : SRV_SYBASE
Nom utilisateur : wlk
Nombre de processeurs : 2
Type de processeur : x86 Family 6 Model 8 Stepping
6
Version Windows : 4.0
Numéro actuel : 1381
Service Pack : 5
Type actuel : Multiprocessor Free
Organisation enregistrée : mpf
Propriétaire enregistré : srv_sybase

*----> Liste des tâches <----*
0 Idle.exe
2 System.exe
28 SMSS.exe
42 CSRSS.exe
32 WINLOGON.exe
48 SERVICES.exe
51 LSASS.exe
75 SPOOLSS.exe
93 ASDscSvc.exe
82 Ntagent.exe
97 defwatch.exe
104 llssrv.exe
107 rtvscan.exe
125 RPCSS.exe
128 r_server.exe
136 ATSVC.exe
141 bcksrvr.exe
147 histsrvr.exe
151 sqlsrvr.exe
208 afaagent.exe
215 PSTORES.exe
130 LOCATOR.exe
67 NDDEAGNT.exe
264 PROMon.exe
271 vptray.exe
494 explorer.exe
618 DRWTSN32.exe
0 _Total.exe

(00400000 - 0042e000) EXPLORER.dbg
(77f70000 - 77fd0000) dllntdll.dbg
(77dc0000 - 77dff000) dlladvapi32.dbg
(77f00000 - 77f61000) dllkernel32.dbg
(77e70000 - 77ec4000) dlluser32.dbg
(77ed0000 - 77efc000) dllgdi32.dbg
(77e10000 - 77e67000) dllrpcrt4.dbg
(70bd0000 - 70c14000) SHLWAPI.dbg
(71700000 - 7178a000) COMCTL32.dbg
(70960000 - 70b0c000) SHELL32.dbg
(70730000 - 70947000) SHDOCVW.dbg
(77b20000 - 77bd6000) dllole32.dbg
(77bf0000 - 77bf7000) dllrpcltc1.dbg
(70300000 - 70359000) WEBCHECK.dbg
(77780000 - 77786000) dllmsidle.dbg
(1a400000 - 1a430000) urlmon.dbg
(63000000 - 6304d000) wininet.dbg
(77a40000 - 77a4d000) dllntshrui.dbg
(78000000 - 78040000)
(72240000 - 7227a000) dllnetapi32.dbg
(77830000 - 77839000) dllNetRap.dbg
(72280000 - 7228d000) dllsamlib.dbg

Etat de vidage Thread Id 0x193

eax000001 ebx000001 ecx087d70 edxÿffffff
esi087d70 edi000000
eipp74e70e esp06fc98 ebp06fcb4 iopl=0 nv
up ei pl zr na po nc
cs1b ss23 ds23 es23 fs38
gs00 efl010246

fonction : DllGetClassObject
7074e6ef 7d5c jge
DllGetClassObject+0x1ac (7074e74d)
7074e6f1 54 push esp
7074e6f2 7970 jns
DllGetClassObject+0x1c3 (7074e764)
7074e6f4 656c insb
7074e6f6 696200e83d90fe imul esp,
[edx],0xfe903de8 ds:3bc6ea05=????????
7074e6fd ff6a01 jmp fword ptr
[edx+0x1] ds:3bc6ea05=????????????
7074e700 58 pop eax
7074e701 c20400 ret 0x4
7074e704 836c240430 sub dword ptr
[esp+0x4],0x30 ss:3bcde69f=????????
7074e709 e97c81feff jmp
Ordinal159+0x2083 (7073688a)
7074e70e 55 push ebp
7074e70f 8bec mov ebp,esp
7074e711 83ec1c sub esp,0x1c
7074e714 56 push esi
7074e715 6a01 push 0x1
7074e717 6a00 push 0x0
7074e719 6a00 push 0x0
7074e71b 8d45e4 lea eax,[ebp-
0x1c] ss:3bcde6ba=????????
7074e71e 6a00 push 0x0
7074e720 8bf1 mov esi,ecx
7074e722 50 push eax
7074e723
ff1548187370
ds:70731848we71ade
call dword ptr
[Ordinal145+0x1848 (70731848)]

*----> Parcours arrière de la pile <----*

FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0006fc94 70774f29 00000000 00087d70 00000001 77f1ced8
SHDOCVW!DllGetClassObject
0006fcb4 7077497a 00000000 00000000 00408215 00087d70
SHDOCVW!Ordinal120
0006ff60 00404849 00400000 00000000 0002062c 00000005
SHDOCVW!Ordinal120
0006ffc0 77f1ba06 00000000 00000000 7ffdf000 7ffdf000
EXPLORER!<nosymbols>
0006fff0 00000000 004047d0 00000000 000000b0 00000100
kernel32!GetProcessPriorityBoost
00000000 00000000 00000000 00000000 00000000 00000000
EXPLORER!<nosymbols>

*----> Vidage brut de la pile <----*
0006fc98 29 4f 77 70 00 00 00 00 - 70 7d 08 00 01 00 00
00 )Owp....p}......
0006fca8 d8 ce f1 77 70 7d 08 00 - 70 7d 08 00 60 ff 06
00 ...wp}..p}..`...
0006fcb8 7a 49 77 70 00 00 00 00 - 00 00 00 00 15 82 40
00
0006fcc8 70 7d 08 00 06 4b 40 00 - 70 7d 08 00 00 00 00
00 p}}......
0006fcd8 2c 06 02 00 00 f0 fd 7f - b8 00 00 00 88 fe 06
00 ,...............
0006fce8 14 fd 06 00 88 fe 06 00 - 18 00 fd 7f e8 fd 06
00 ................
0006fcf8 a8 f5 f8 77 e8 fd 06 00 - fa 05 02 00 18 00 00
00 ...w............
0006fd08 a0 fe 06 00 00 e0 fd 7f - 00 00 00 00 69 a0 f7
77 ............i..w
0006fd18 9c fe 06 00 00 00 00 80 - 70 fe 06 00 00 e0 fd
7f ........p.......
0006fd28 00 f0 fd 7f 00 00 00 00 - 5c 00 52 00 65 00 67
00 .........R.e.g.
0006fd38 69 00 73 00 74 00 72 00 - 79 00 5c 00 4d 00 61
00 i.s.t.r.y..M.a.
0006fd48 63 00 68 00 69 00 6e 00 - 65 00 5c 00 53 00 6f
00 c.h.i.n.e..S.o.
0006fd58 66 00 74 00 77 00 61 00 - 72 00 65 00 5c 00 4d
00 f.t.w.a.r.e..M.
0006fd68 69 00 63 00 72 00 6f 00 - 73 00 6f 00 66 00 74
00 i.c.r.o.s.o.f.t.
0006fd78 5c 00 57 00 69 00 6e 00 - 64 00 6f 00 77 00 73
00 .W.i.n.d.o.w.s.
0006fd88 20 00 4e 00 54 00 5c 00 - 43 00 75 00 72 00 72
00 .N.T..C.u.r.r.
0006fd98 65 00 6e 00 74 00 56 00 - 52 03 01 00 3f 00 3f
00 e.n.t.V.R...?.?.
0006fda8 3f 00 3f 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ?.?.............
0006fdb8 00 00 46 00 1c 10 fc 7f - 22 14 fc 7f 1e 14 fc
7f ..F.....".......
0006fdc8 00 00 00 00 e4 04 01 00 - 3f 00 3f 00 3f 00 3f
00 ........?.?.?.?.

Etat de vidage Thread Id 0x284

eax7ffebc ebx000000 ecx000001 edxÿffffff
esiwe759d6 edi000003
eipp965526 esp7ffe7c ebp000284 iopl=0 nv
up ei pl zr na po nc
cs1b ss23 ds23 es23 fs38
gs00 efl010246

fonction : Ordinal21
70965509 00ff add bh,bh
7096550b 7424 jz Ordinal21+0x435
(70965531)
7096550d 108b442408ff adc
[ebx+0xff082444],cl ds:ff082444=??
70965513 7424 jz Ordinal21+0x43d
(70965539)
70965515 108b4008ff74 adc
[ebx+0x74ff0840],cl ds:74ff0840=??
7096551b 2410 and al,0x10
7096551d 8b08 mov ecx,
[eax] ds:007ffebc0000b4
7096551f 50 push eax
70965520 ff511c call dword ptr
[ecx+0x1c] ds:3bc6ea07=????????
70965523 c21000 ret 0x10
70965526 55 push ebp
70965527 8bec mov ebp,esp
70965529 81ec10020000 sub esp,0x210
7096552f 57 push edi
70965530 33ff xor edi,edi
70965532 393d6c61a070 cmp
[70a0616c],edi ds:70a0616c0873d8
70965538 897dfc mov [ebp-
0x4],edi ss:3bc6ec8a=????????
7096553b 7451 jz Ordinal21+0x492
(7096558e)
7096553d e89cdeffff call Ordinal128+0x33f
(709633de)
70965542 a16c61a070 mov eax,
[70a0616c] ds:70a0616c0873d8
70965547 8b00 mov eax,
[eax] ds:007ffebc0000b4
70965549 3bc7 cmp eax,edi

*----> Parcours arrière de la pile <----*

FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
007ffe78 7097705a 007ffebc 77f9e4f1 00070000 007fffec
SHELL32!Ordinal21
00000284 00000000 00000000 00000000 00000000 00000000
SHELL32!SHGetDesktopFolder

Etat de vidage Thread Id 0x211

eax08c090 ebx000000 ecx08c090 edx000000
esi083508 edi083530
eipwf77f67 esp83fdf0 ebp83ff90 iopl=0 nv
up ei pl nz na po nc
cs1b ss23 ds23 es23 fs38
gs00 efl000206

fonction : ZwReplyWaitReceivePort
77f77f5c b890000000 mov eax,0x90
77f77f61 8d542404 lea edx,
[esp+0x4] ss:3c4ae7f7=????????
77f77f65 cd2e int 2e
77f77f67 c21000 ret 0x10
77f77f6a 8bc0 mov eax,eax

*----> Parcours arrière de la pile <----*

FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0083ff90 77e15fa2 77e16821 00083508 0083ffec 0006f952
ntdll!ZwReplyWaitReceivePort
00003a98 00000000 00000000 00000000 00000000 00000000
rpcrt4!NdrVaryingArrayFree

Etat de vidage Thread Id 0x132

eax87fe54 ebx000000 ecxÿffffff edx87fef8
esi87fe6c edi400000
eipwf1d493 esp87fe50 ebp87fea4 iopl=0 nv
up ei pl zr na po nc
cs1b ss23 ds23 es23 fs38
gs00 efl000246

fonction : RaiseException
77f1d476 83c604 add esi,0x4
77f1d479 8bc1 mov eax,ecx
77f1d47b 49 dec ecx
77f1d47c 85c0 test eax,eax
77f1d47e 75ef jnz
RaiseException+0x46 (77f1d46f)
77f1d480 eb07 jmp
RaiseException+0x60 (77f1d489)
77f1d482 c745c000000000 mov dword ptr [ebp-
0x40],0x0 ss:3c4ee8aa=????????
77f1d489 8d45b0 lea eax,[ebp-
0x50] ss:3c4ee8aa=????????
77f1d48c 50 push eax
77f1d48d
ff15b4c3f377
ds:77f3c3b4wf98f6c
call dword ptr
[GetDateFormatW+0x4d9f (77f3c3b4)]
FAUTE ->77f1d493 5e pop esi
77f1d494 8be5 mov esp,ebp
77f1d496 5d pop ebp
77f1d497 c21000 ret 0x10

*----> Parcours arrière de la pile <----*

FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0087fea4 70302799 006d007f 00000000 00000001 0087fef4
kernel32!RaiseException
0087feec 70324bfa 0087fec8 7032a664 ffffffff 00000601
WEBCHECK!DllGetClassObject
00000001 00000000 00000000 00000000 00000000 00000000
WEBCHECK!<nosymbols>

*----> Vidage brut de la pile <----*
0087fe50 c0 76 32 70 7f 00 6d 00 - 00 00 00 00 00 00 00
00 .v2p..m.........
0087fe60 93 d4 f1 77 01 00 00 00 - c8 fe 87 00 84 fe 87
00 ...w............
0087fe70 00 00 40 1a 00 00 32 70 - 00 00 00 00 5c 8c f9
77
0087fe80 39 01 00 c0 ac fe 87 00 - 75 17 f0 77 7f 00 00
00 9.......u..w....
0087fe90 00 00 32 70 17 40 f1 77 - 39 01 00 c0 c0 76 32
70
0087fea0 17 00 18 00 ec fe 87 00 - 99 27 30 70 7f 00 6d
00 .........'0p..m.
0087feb0 00 00 00 00 01 00 00 00 - f4 fe 87 00 d5 11 2d
05 ..............-.
0087fec0 00 00 00 00 01 00 00 00 - 24 00 00 00 c0 76 32
70 ........$....v2p
0087fed0 64 a6 32 70 e0 74 32 70 - 01 00 00 00 8c 7e 32
70 d.2p.t2p.....~2p
0087fee0 00 00 40 1a 00 00 00 00 - 7f 00 00 00 01 00 00
00
0087fef0 fa 4b 32 70 c8 fe 87 00 - 64 a6 32 70 ff ff ff
ff .K2p....d.2p....
0087ff00 01 06 00 00 c7 43 32 70 - 40 74 32 70 00 70 32
70
0087ff10 00 00 00 00 00 00 00 00 - 1c 12 78 77 01 00 00
00 ..........xw....
0087ff20 00 00 00 00 68 ff 87 00 - 84 ff 87 00 97 11 78
77 ....h.........xw
0087ff30 5c 18 e7 77 00 00 00 00 - 13 01 00 00 b0 77 00
00 ..w.........w..
0087ff40 c5 d8 2f 05 84 ff 87 00 - 00 00 00 00 a4 fc 06
00 ../.............
0087ff50 88 fc 06 00 d3 59 e7 77 - 68 ff 87 00 00 00 00
00 .....Y.wh.......
0087ff60 3f 7d 40 00 68 ff 87 00 - 00 00 00 00 13 01 00
00 ?}@.h...........
0087ff70 b0 77 00 00 97 11 78 77 - c5 d8 2f 05 e0 03 00
00 .w....xw../.....
0087ff80 09 00 00 00 b8 ff 87 00 - ea 7c 40 00 f7 71 bd
70 .........|@..q.p

Etat de vidage Thread Id 0x137

eax00008c ebx95fe04 ecx95fe24 edx000000
esifdf000 edi000001
eipwf7828b esp95fde0 ebp95fe34 iopl=0 nv
up ei pl nz ac pe cy
cs1b ss23 ds23 es23 fs38
gs00 efl000213

fonction : NtWaitForMultipleObjects
77f78280 b8c4000000 mov eax,0xc4
77f78285 8d542404 lea edx,
[esp+0x4] ss:3c5ce7e7=????????
77f78289 cd2e int 2e
77f7828b c21400 ret 0x14
77f7828e 8bc0 mov eax,eax

*----> Parcours arrière de la pile <----*

FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0095fe34 77f1cd92 00000002 0095ff88 00000000 000dbba0
ntdll!NtWaitForMultipleObjects
0095fe50 6300f7c6 00000002 0095ff88 00000000 000dbba0
kernel32!WaitForMultipleObjects
0095ffb8 77f04ee8 00000000 00000068 0087f120 00000000
wininet!FindCloseUrlCache
0095ffec 00000000 00000000 00000000 00000000 00000000
kernel32!lstrcmpiW
00000000 00000000 00000000 00000000 00000000 00000000
EXPLORER!<nosymbols>

Etat de vidage Thread Id 0x1ae

eax00001c ebx9eff3c ecx9eff6c edx000000
esifdf000 edi000001
eipwf7828b esp9eff18 ebp9eff6c iopl=0 nv
up ei pl nz ac pe cy
cs1b ss23 ds23 es23 fs38
gs00 efl000213

fonction : NtWaitForMultipleObjects
77f78280 b8c4000000 mov eax,0xc4
77f78285 8d542404 lea edx,
[esp+0x4] ss:3c65e91f=????????
77f78289 cd2e int 2e
77f7828b c21400 ret 0x14
77f7828e 8bc0 mov eax,eax

*----> Parcours arrière de la pile <----*

FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
009eff6c 77f1cd92 00000003 009effac 00000000 ffffffff
ntdll!NtWaitForMultipleObjects
009eff88 70302215 00000003 009effac 00000000 ffffffff
kernel32!WaitForMultipleObjects
009effb8 77f04ee8 00000000 0087fb68 00f9882f 00000000
WEBCHECK!DllGetClassObject
009effec 00000000 7030218d 00000000 00000000 00000000
kernel32!lstrcmpiW
00000000 00000000 00000000 00000000 00000000 00000000
EXPLORER!<nosymbols>

*----> Vidage brut de la pile <----*
009eff18 85 ce f1 77 03 00 00 00 - 3c ff 9e 00 01 00 00
00 ...w....<.......
009eff28 00 00 00 00 00 00 00 00 - 00 00 00 00 02 00 00
00 ................
009eff38 01 00 00 00 24 01 00 00 - 28 01 00 00 38 01 00
00 ....$...(...8...
009eff48 58 ff 9e 00 80 00 00 00 - 00 00 00 00 00 00 00
00 X...............
009eff58 1e 00 20 00 00 8c fd 7f - 28 01 00 00 00 00 00
00 .. .....(.......
009eff68 00 00 00 00 88 ff 9e 00 - 92 cd f1 77 03 00 00
00 ...........w....
009eff78 ac ff 9e 00 00 00 00 00 - ff ff ff ff 00 00 00
00 ................
009eff88 b8 ff 9e 00 15 22 30 70 - 03 00 00 00 ac ff 9e
00 ....."0p........
009eff98 00 00 00 00 ff ff ff ff - 68 fb 87 00 2f 88 f9
00 ........h.../...
009effa8 00 00 00 00 24 01 00 00 - 28 01 00 00 38 01 00
00 ....$...(...8...
009effb8 ec ff 9e 00 e8 4e f0 77 - 00 00 00 00 68 fb 87
00 .....N.w....h...
009effc8 2f 88 f9 00 00 00 00 00 - 2f 88 f9 00 c4 ff 9e
00 /......./.......
009effd8 b6 bd f7 77 ff ff ff ff - 44 b7 f3 77 38 d2 f3
77 ...w....D..w8..w
009effe8 00 00 00 00 00 00 00 00 - 00 00 00 00 8d 21 30
70 .............!0p
009efff8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
009f0008 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
009f0018 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
009f0028 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
009f0038 00 00 00 00 04 05 25 04 - 04 00 00 00 00 00 00
00 ......%.........
009f0048 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
05 ................

Etat de vidage Thread Id 0x573

eax000000 ebx000000 ecx0855c8 edx000000
esi083508 edi096798
eipwf77f67 espdcfdf0 ebpdcff90 iopl=0 nv
up ei pl nz na pe nc
cs1b ss23 ds23 es23 fs38
gs00 efl000202

fonction : ZwReplyWaitReceivePort
77f77f5c b890000000 mov eax,0x90
77f77f61 8d542404 lea edx,
[esp+0x4] ss:3ca3e7f7=????????
77f77f65 cd2e int 2e
77f77f67 c21000 ret 0x10
77f77f6a 8bc0 mov eax,eax

*----> Parcours arrière de la pile <----*

FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
00dcff90 77e15fa2 77e16821 00083508 00dcffec 00000000
ntdll!ZwReplyWaitReceivePort
00003a98 00000000 00000000 00000000 00000000 00000000
rpcrt4!NdrVaryingArrayFree

Une exception d'application s'est produite :
App : EXPLORER.dbg (pidP7)
Quand : 4/8/2004 @ 15:30:58.937
Numéro d'exception : c0000005 (violation d'accès)

*----> Informations système <----*
Nom ordinateur : SRV_SYBASE
Nom utilisateur : wlk
Nombre de processeurs : 2
Type de processeur : x86 Family 6 Model 8 Stepping
6
Version Windows : 4.0
Numéro actuel : 1381
Service Pack : 5
Type actuel : Multiprocessor Free
Organisation enregistrée : mpf
Propriétaire enregistré : srv_sybase

*----> Liste des tâches <----*
0 Idle.exe
2 System.exe
28 SMSS.exe
42 CSRSS.exe
32 WINLOGON.exe
48 SERVICES.exe
51 LSASS.exe
75 SPOOLSS.exe
93 ASDscSvc.exe
82 Ntagent.exe
97 defwatch.exe
104 llssrv.exe
107 rtvscan.exe
125 RPCSS.exe
128 r_server.exe
136 ATSVC.exe
141 bcksrvr.exe
147 histsrvr.exe
151 sqlsrvr.exe
208 afaagent.exe
215 PSTORES.exe
130 LOCATOR.exe
67 NDDEAGNT.exe
264 PROMon.exe
271 vptray.exe
507 explorer.exe
1375 DRWTSN32.exe
0 _Total.exe

(00400000 - 0042e000) EXPLORER.dbg
(77f70000 - 77fd0000) dllntdll.dbg
(77dc0000 - 77dff000) dlladvapi32.dbg
(77f00000 - 77f61000) dllkernel32.dbg
(77e70000 - 77ec4000) dlluser32.dbg
(77ed0000 - 77efc000) dllgdi32.dbg
(77e10000 - 77e67000) dllrpcrt4.dbg
(70bd0000 - 70c14000) SHLWAPI.dbg
(71700000 - 7178a000) COMCTL32.dbg
(70960000 - 70b0c000) SHELL32.dbg
(70730000 - 70947000) SHDOCVW.dbg
(77b20000 - 77bd6000) dllole32.dbg
(77bf0000 - 77bf7000) dllrpcltc1.dbg
(77a40000 - 77a4d000) dllntshrui.dbg
(78000000 - 78040000)
(72240000 - 7227a000) dllnetapi32.dbg
(77830000 - 77839000) dllNetRap.dbg
(72280000 - 7228d000) dllsamlib.dbg
(70300000 - 70359000) WEBCHECK.dbg
(77780000 - 77786000) dllmsidle.dbg
(1a400000 - 1a430000) urlmon.dbg
(63000000 - 6304d000) wininet.dbg

Etat de vidage Thread Id 0x17d

eax000000 ebx000001 ecx000401 edx000000
esi087f28 edi000000
eipwe72ada esp06fc98 ebp06fcb4 iopl=0 nv
up ei pl zr na po nc
cs1b ss23 ds23 es23 fs38
gs00 efl000246

fonction : WaitMessage
77e72acf b806120000 mov eax,0x1206
77e72ad4 8d542404 lea edx,
[esp+0x4] ss:3bcde69f=????????
77e72ad8 cd2e int 2e
77e72ada c3 ret

*----> Parcours arrière de la pile <----*

FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0006fcb4 7077497a 00000000 00000000 00408215 00087f28
user32!WaitMessage
0006ff60 00404849 000001fb 00000000 0002062c 00000005
SHDOCVW!Ordinal120
0006ffc0 77f1ba06 00000000 00000000 7ffdf000 7ffdf000
EXPLORER!<nosymbols>
0006fff0 00000000 004047d0 00000000 000000b0 00000100
kernel32!GetProcessPriorityBoost
00000000 00000000 00000000 00000000 00000000 00000000
EXPLORER!<nosymbols>

*----> Vidage brut de la pile <----*
0006fc98 21 4f 77 70 00 00 00 00 - 28 7f 08 00 01 00 00
00 !Owp....(.......
0006fca8 d8 ce f1 77 28 7f 08 00 - 28 7f 08 00 60 ff 06
00 ...w(...(...`...
0006fcb8 7a 49 77 70 00 00 00 00 - 00 00 00 00 15 82 40
00
0006fcc8 28 7f 08 00 06 4b 40 00 - 28 7f 08 00 00 00 00
00 ((.......
0006fcd8 2c 06 02 00 00 f0 fd 7f - b8 00 00 00 88 fe 06
00 ,...............
0006fce8 14 fd 06 00 88 fe 06 00 - 18 00 fd 7f e8 fd 06
00 ................
0006fcf8 a8 f5 f8 77 e8 fd 06 00 - fa 05 02 00 18 00 00
00 ...w............
0006fd08 a0 fe 06 00 00 e0 fd 7f - 00 00 00 00 69 a0 f7
77 ............i..w
0006fd18 9c fe 06 00 00 00 00 80 - 70 fe 06 00 00 e0 fd
7f ........p.......
0006fd28 00 f0 fd 7f 00 00 00 00 - 5c 00 52 00 65 00 67
00 .........R.e.g.
0006fd38 69 00 73 00 74 00 72 00 - 79 00 5c 00 4d 00 61
00 i.s.t.r.y..M.a.
0006fd48 63 00 68 00 69 00 6e 00 - 65 00 5c 00 53 00 6f
00 c.h.i.n.e..S.o.
0006fd58 66 00 74 00 77 00 61 00 - 72 00 65 00 5c 00 4d
00 f.t.w.a.r.e..M.
0006fd68 69 00 63 00 72 00 6f 00 - 73 00 6f 00 66 00 74
00 i.c.r.o.s.o.f.t.
0006fd78 5c 00 57 00 69 00 6e 00 - 64 00 6f 00 77 00 73
00 .W.i.n.d.o.w.s.
0006fd88 20 00 4e 00 54 00 5c 00 - 43 00 75 00 72 00 72
00 .N.T..C.u.r.r.
0006fd98 65 00 6e 00 74 00 56 00 - 52 03 01 00 3f 00 3f
00 e.n.t.V.R...?.?.
0006fda8 3f 00 3f 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ?.?.............
0006fdb8 00 00 46 00 1c 10 fc 7f - 22 14 fc 7f 1e 14 fc
7f ..F.....".......
0006fdc8 00 00 00 00 e4 04 01 00 - 3f 00 3f 00 3f 00 3f
00 ........?.?.?.?.

Etat de vidage Thread Id 0x192

eax7ffea0 ebx7ffdc0 ecx000001 edx000000
esifdf000 edi000001
eipwf7828b esp7ffd9c ebp7ffdf0 iopl=0 nv
up ei pl nz ac pe cy
cs1b ss23 ds23 es23 fs38
gs00 efl000213

fonction : NtWaitForMultipleObjects
77f78280 b8c4000000 mov eax,0xc4
77f78285 8d542404 lea edx,
[esp+0x4] ss:3c46e7a3=????????
77f78289 cd2e int 2e
77f7828b c21400 ret 0x14
77f7828e 8bc0 mov eax,eax

*----> Parcours arrière de la pile <----*

FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
007ffdf0 77e7ab66 00000005 007ffe18 00000000 00088323
ntdll!NtWaitForMultipleObjects
007ffe4c 77e7aaba 00000004 007ffebc 00088323 000000ff
user32!MsgWaitForMultipleObjectsEx
007ffe68 70976ff7 00000004 007ffebc 00000000 00088323
user32!MsgWaitForMultipleObjects
00000192 00000000 00000000 00000000 00000000 00000000
SHELL32!SHGetDesktopFolder

Etat de vidage Thread Id 0x22b

eax000c18 ebx000000 ecx07f298 edx000000
esi083508 edi07d6f0
eipwf77f67 esp83fdf0 ebp83ff90 iopl=0 nv
up ei pl nz na po nc
cs1b ss23 ds23 es23 fs38
gs00 efl000206

fonction : ZwReplyWaitReceivePort
77f77f5c b890000000 mov eax,0x90
77f77f61 8d542404 lea edx,
[esp+0x4] ss:3c4ae7f7=????????
77f77f65 cd2e int 2e
77f77f67 c21000 ret 0x10
77f77f6a 8bc0 mov eax,eax

*----> Parcours arrière de la pile <----*

FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0083ff90 77e15fa2 77e16821 00083508 0083ffec 0006f952
ntdll!ZwReplyWaitReceivePort
00003a98 00000000 00000000 00000000 00000000 00000000
rpcrt4!NdrVaryingArrayFree

Etat de vidage Thread Id 0x119

eaxR00a704 ebx06fc88 ecx87ffdc edx000000
esi06fca4 edi000000
eipwe72ada esp87ff64 ebp87ff84 iopl=0 nv
up ei pl zr na po nc
cs1b ss23 ds23 es23 fs38
gs00 efl000246

fonction : WaitMessage
77e72acf b806120000 mov eax,0x1206
77e72ad4 8d542404 lea edx,
[esp+0x4] ss:3c4ee96b=????????
77e72ad8 cd2e int 2e
77e72ada c3 ret

*----> Parcours arrière de la pile <----*

FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0087ff84 00407cea 70bd71f7 00400000 00000003 00001000
user32!WaitMessage
0087ffb8 77f04ee8 0006fc88 00000003 00001000 0006fc88
EXPLORER!<nosymbols>
0087ffec 00000000 70bd71bd 0006fc88 00000000 00000000
kernel32!lstrcmpiW
00000000 00000000 00000000 00000000 00000000 00000000
EXPLORER!<nosymbols>

*----> Vidage brut de la pile <----*
0087ff64 87 7d 40 00 c6 00 64 02 - 0f 00 00 00 00 00 00
00 .}@...d.........
0087ff74 00 00 00 00 be 8d 3d 05 - 2c 00 00 00 76 02 00
00 ......=.,...v...
0087ff84 b8 ff 87 00 ea 7c 40 00 - f7 71 bd 70 00 00 40
00 .....|@
0087ff94 03 00 00 00 00 10 00 00 - d8 7c 40 00 6d 56 40
00 .........|@
0087ffa4 8c 00 00 00 00 00 40 00 - 00 00 00 00 00 00 00
00
0087ffb4 00 00 00 00 ec ff 87 00 - e8 4e f0 77 88 fc 06
00 .........N.w....
0087ffc4 03 00 00 00 00 10 00 00 - 88 fc 06 00 00 10 00
00 ................
0087ffd4 c4 ff 87 00 5c fb 06 00 - ff ff ff ff 44 b7 f3
77 ...........D..w
0087ffe4 38 d2 f3 77 00 00 00 00 - 00 00 00 00 00 00 00
00 8..w............
0087fff4 bd 71 bd 70 88 fc 06 00 - 00 00 00 00 00 00 00
00 .q.p............
00880004 9f 00 01 00 10 00 90 01 - 17 00 b0 01 ff ff ff
00 ................
00880014 ff ff ff 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
00880024 01 00 00 00 0d 02 01 01 - 00 00 00 00 00 00 00
00 ................
00880034 00 00 00 00 00 00 00 00 - 02 00 00 00 01 00 00
00 ................
00880044 01 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
00880054 01 00 00 00 00 00 00 00 - 00 00 00 00 07 00 8a
01 ................
00880064 00 00 00 40 06 00 00 00 - 00 00 00 00 00 00 00
00
00880074 00 00 00 00 00 00 00 00 - 00 00 00 40 06 00 00
00
00880084 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
00880094 00 00 00 00 00 00 00 00 - 4b 00 00 00 00 00 00
40 ........K......@

Etat de vidage Thread Id 0x530

eaxp9743f0 ebx8dfea8 ecx000002 edx000000
esifdf000 edi000001
eipwf7828b esp8dfe84 ebp8dfed8 iopl=0 nv
up ei pl nz ac pe cy
cs1b ss23 ds23 es23 fs38
gs00 efl000213

fonction : NtWaitForMultipleObjects
77f78280 b8c4000000 mov eax,0xc4
77f78285 8d542404 lea edx,
[esp+0x4] ss:3c54e88b=????????
77f78289 cd2e int 2e
77f7828b c21400 ret 0x14
77f7828e 8bc0 mov eax,eax

*----> Parcours arrière de la pile <----*

FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
008dfed8 77e7ab66 00000001 008dff00 00000000 0000ea60
ntdll!NtWaitForMultipleObjects
008dff34 77e7aaba 00000000 00000000 0000ea60 000000ff
user32!MsgWaitForMultipleObjectsEx
008dff50 70982fc9 00000000 00000000 00000000 0000ea60
user32!MsgWaitForMultipleObjects
008dffb8 77f04ee8 00000530 014100f8 0000004e 00000098
SHELL32!Ordinal98
008dffec 00000000 70982ebc 00000098 00000000 000000b0
kernel32!lstrcmpiW
00000000 00000000 00000000 00000000 00000000 00000000
EXPLORER!<nosymbols>

*----> Vidage brut de la pile <----*
008dfe84 85 ce f1 77 01 00 00 00 - a8 fe 8d 00 01 00 00
00 ...w............
008dfe94 00 00 00 00 c8 fe 8d 00 - 00 00 00 00 00 00 00
00 ................
008dfea4 00 ff 8d 00 b4 00 00 00 - 1c ff 8d 00 00 00 00
00 ................
008dfeb4 5b 12 f7 77 60 55 fb 77 - 61 12 f7 77 30 ff 8d
00 [..w`U.wa..w0...
008dfec4 4e 00 00 00 00 ba 3c dc - ff ff ff ff 00 00 00
00 N.....<.........
008dfed4 c8 fe 8d 00 34 ff 8d 00 - 66 ab e7 77 01 00 00
00 ....4...f..w....
008dfee4 00 ff 8d 00 00 00 00 00 - 60 ea 00 00 00 00 00
00 ........`.......
008dfef4 00 00 00 00 00 00 00 00 - d6 59 e7 77 b4 00 00
00 .........Y.w....
008dff04 00 10 0b 11 ff ff ff ff - 30 ff 8d 00 b9 5e 96
70 ........0....^.p
008dff14 10 53 08 00 0c 53 08 00 - f1 7f e7 77 f8 00 41
01 .S...S.....w..A.
008dff24 00 00 00 00 00 00 00 00 - 44 a0 fd 7f b4 00 00
00 ........D.......
008dff34 50 ff 8d 00 ba aa e7 77 - 00 00 00 00 00 00 00
00 P......w........
008dff44 60 ea 00 00 ff 00 00 00 - 00 00 00 00 b8 ff 8d
00 `...............
008dff54 c9 2f 98 70 00 00 00 00 - 00 00 00 00 00 00 00
00 ./.p............
008dff64 60 ea 00 00 ff 00 00 00 - f8 00 41 01 4e 00 00
00 `.........A.N...
008dff74 98 00 00 00 e0 ae b0 f0 - 04 af b0 f0 f0 ad b0
f0 ................
008dff84 01 9d 90 80 c1 50 14 80 - ff ff ff ff 46 02 00
00 .....P......F...
008dff94 00 00 00 00 02 05 00 00 - a0 8b 08 00 50 dc 08
00 ............P...
008dffa4 9d e4 3c 05 e7 03 00 00 - 33 00 00 00 30 05 00
00 ..<.....3...0...
008dffb4 00 00 00 00 ec ff 8d 00 - e8 4e f0 77 30 05 00
00 .........N.w0...

Etat de vidage Thread Id 0x318

eaxcdf530 ebxa2fe60 ecx01f530 edx000000
esifdf000 edi000001
eipwf7828b espa2fe3c ebpa2fe90 iopl=0 nv
up ei pl nz ac pe cy
cs1b ss23 ds23 es23 fs38
gs00 efl000213

fonction : NtWaitForMultipleObjects
77f78280 b8c4000000 mov eax,0xc4
77f78285 8d542404 lea edx,
[esp+0x4] ss:3c69e843=????????
77f78289 cd2e int 2e
77f7828b c21400 ret 0x14
77f7828e 8bc0 mov eax,eax

*----> Parcours arrière de la pile <----*

FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
00a2fe90 77e7ab66 00000002 00a2feb8 00000000 0000ea60
ntdll!NtWaitForMultipleObjects
00a2feec 77e7aaba 00000001 00a2ff40 0000ea60 000000ff
user32!MsgWaitForMultipleObjectsEx
00a2ff08 70762d0c 00000001 00a2ff40 00000000 0000ea60
user32!MsgWaitForMultipleObjects
00a2ff88 70bd71f7 0008d9e8 00000000 00000400 70762bde
SHDOCVW!URLQualifyW
00a2ffb8 77f04ee8 0006fc1c 00000000 00000400 0006fc1c
SHLWAPI!Ordinal16
00a2ffec 00000000 00000000 00000000 00000000 00000000
kernel32!lstrcmpiW
00000000 00000000 00000000 00000000 00000000 00000000
EXPLORER!<nosymbols>

Etat de vidage Thread Id 0x53e

eax096eb0 ebxadfe04 ecx09df58 edx000000
esifdf000 edi000001
eipwf7828b espadfde0 ebpadfe34 iopl=0 nv
up ei pl nz ac pe cy
cs1b ss23 ds23 es23 fs38
gs00 efl000213

fonction : NtWaitForMultipleObjects
77f78280 b8c4000000 mov eax,0xc4
77f78285 8d542404 lea edx,
[esp+0x4] ss:3c74e7e7=????????
77f78289 cd2e int 2e
77f7828b c21400 ret 0x14
77f7828e 8bc0 mov eax,eax

*----> Parcours arrière de la pile <----*

FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
00adfe34 77f1cd92 00000002 00adff88 00000000 000dbba0
ntdll!NtWaitForMultipleObjects
00adfe50 6300f7c6 00000002 00adff88 00000000 000dbba0
kernel32!WaitForMultipleObjects
00adffb8 77f04ee8 00000000 00000068 0087f120 00000000
wininet!FindCloseUrlCache
00adffec 00000000 6300f71e 00000000 00000000 000000b0
kernel32!lstrcmpiW
00000000 00000000 00000000 00000000 00000000 00000000
EXPLORER!<nosymbols>

*----> Vidage brut de la pile <----*
00adfde0 85 ce f1 77 02 00 00 00 - 04 fe ad 00 01 00 00
00 ...w............
00adfdf0 00 00 00 00 24 fe ad 00 - 68 00 00 00 38 fb 03
63 ....$...h...8..c
00adfe00 00 00 00 00 bc 00 00 00 - d8 00 00 00 00 00 00
00 ................
00adfe10 08 04 07 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
00adfe20 04 00 00 00 00 e6 8e e7 - fd ff ff ff 00 00 00
00 ................
00adfe30 24 fe ad 00 50 fe ad 00 - 92 cd f1 77 02 00 00
00 $...P......w....
00adfe40 88 ff ad 00 00 00 00 00 - a0 bb 0d 00 00 00 00
00 ................
00adfe50 b8 ff ad 00 c6 f7 00 63 - 02 00 00 00 88 ff ad
00 .......c........
00adfe60 00 00 00 00 a0 bb 0d 00 - 68 00 00 00 20 f1 87
00 ........h... ...
00adfe70 00 00 00 00 01 00 00 00 - 02 00 00 00 98 fe ad
00 ................
00adfe80 24 c2 00 63 00 00 00 63 - 02 00 00 00 00 00 00
00 $..c...c........
00adfe90 c8 80 07 00 00 f0 fd 7f - c0 80 07 00 31 cf f7
77 ............1..w
00adfea0 84 00 00 00 00 00 00 00 - 00 f0 fd 7f ed 75 f7
77 .............u.w
00adfeb0 60 55 fb 77 5b 12 f7 77 - 60 55 fb 77 61 12 f7
77 `U.w[..w`U.wa..w
00adfec0 30 ff ad 00 20 f1 87 00 - 00 00 00 00 00 00 00
00 0... ...........
00adfed0 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
00adfee0 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
00adfef0 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
00adff00 00 00 00 00 c0 fe ad 00 - 00 00 00 00 ff ff ff
ff ................
00adff10 a4 1f fa 77 e8 d0 fa 77 - ff ff ff ff 00 00 00
00 ...w...w........

Etat de vidage Thread Id 0x172

eax00001c ebxb4ff3c ecxb4ff6c edx000000
esifdf000 edi000001
eipwf7828b espb4ff18 ebpb4ff6c iopl=0 nv
up ei pl nz ac pe cy
cs1b ss23 ds23 es23 fs38
gs00 efl000213

fonction : NtWaitForMultipleObjects
77f78280 b8c4000000 mov eax,0xc4
77f78285 8d542404 lea edx,
[esp+0x4] ss:3c7be91f=????????
77f78289 cd2e int 2e
77f7828b c21400 ret 0x14
77f7828e 8bc0 mov eax,eax

*----> Parcours arrière de la pile <----*

FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
00b4ff6c 77f1cd92 00000003 00b4ffac 00000000 ffffffff
ntdll!NtWaitForMultipleObjects
00b4ff88 70302215 00000003 00b4ffac 00000000 ffffffff
kernel32!WaitForMultipleObjects
00b4ffb8 77f04ee8 00000000 0087fb68 00f9882f 00000000
WEBCHECK!DllGetClassObject
00b4ffec 00000000 7030218d 00000000 00000000 00000000
kernel32!lstrcmpiW
00000000 00000000 00000000 00000000 00000000 00000000
EXPLORER!<nosymbols>

*----> Vidage brut de la pile <----*
00b4ff18 85 ce f1 77 03 00 00 00 - 3c ff b4 00 01 00 00
00 ...w....<.......
00b4ff28 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 10
00 ................
00b4ff38 01 00 00 00 38 01 00 00 - 04 01 00 00 24 01 00
00 ....8.......$...
00b4ff48 58 ff b4 00 80 00 00 00 - 00 00 00 00 00 00 00
00 X...............
00b4ff58 1e 00 20 00 00 7c fd 7f - 04 01 00 00 00 00 00
00 .. ..|..........
00b4ff68 00 00 00 00 88 ff b4 00 - 92 cd f1 77 03 00 00
00 ...........w....
00b4ff78 ac ff b4 00 00 00 00 00 - ff ff ff ff 00 00 00
00 ................
00b4ff88 b8 ff b4 00 15 22 30 70 - 03 00 00 00 ac ff b4
00 ....."0p........
00b4ff98 00 00 00 00 ff ff ff ff - 68 fb 87 00 2f 88 f9
00 ........h.../...
00b4ffa8 00 00 00 00 38 01 00 00 - 04 01 00 00 24 01 00
00 ....8.......$...
00b4ffb8 ec ff b4 00 e8 4e f0 77 - 00 00 00 00 68 fb 87
00 .....N.w....h...
00b4ffc8 2f 88 f9 00 00 00 00 00 - 2f 88 f9 00 c4 ff b4
00 /......./.......
00b4ffd8 b6 bd f7 77 ff ff ff ff - 44 b7 f3 77 38 d2 f3
77 ...w....D..w8..w
00b4ffe8 00 00 00 00 00 00 00 00 - 00 00 00 00 8d 21 30
70 .............!0p
00b4fff8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
00b50008 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
00b50018 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
00b50028 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
00b50038 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
00b50048 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................

Etat de vidage Thread Id 0x579

eax000000 ebx0985d8 ecx098ad8 edxd8d36c
esi098adc edi098ad8
eipp73a2d9 espd8c310 ebpd8d940 iopl=0 nv
up ei pl nz ac pe cy
cs1b ss23 ds23 es23 fs38
gs00 efl000213

fonction : Ordinal104
7073a2b5 83f8ff cmp eax,0xff
7073a2b8 7409 jz
Ordinal104+0x38f6 (7073a2c3)
7073a2ba 3b45fc cmp eax,[ebp-
0x4] ss:3c9fc346=????????
7073a2bd 0f8f87000000 jnle
Ordinal104+0x397d (7073a34a)
7073a2c3 837dfcff cmp dword ptr [ebp-
0x4],0xff ss:3c9fc346=????????
7073a2c7 0f8485000000 je
Ordinal104+0x3985 (7073a352)
7073a2cd 8b07 mov eax,
[edi] ds:00098ad8000000
7073a2cf 8d952cfaffff lea edx,
[ebp+0xfffffa2c] ss:00d8d36c0005b4
7073a2d5 52 push edx
7073a2d6 ff75fc push dword ptr [ebp-
0x4] ss:3c9fc346=????????
FAUTE ->7073a2d9 8b08 mov ecx,
[eax] ds:00000000=????????
7073a2db 50 push eax
7073a2dc ff510c call dword ptr
[ecx+0xc] ds:3bd074de=????????
7073a2df 8b45fc mov eax,[ebp-
0x4] ss:3c9fc346=????????
7073a2e2 8b348550c78170 mov esi,
[7081c750+eax*4] ds:00000000=????????
7073a2e9 33ff xor edi,edi
7073a2eb 397df4 cmp [ebp-
0xc],edi ss:3c9fc346=????????
7073a2ee 0f8583910400 jne
DllCanUnloadNow+0xa31b (70783477)
7073a2f4 8b03 mov eax,
[ebx] ds:000985d8p76f770
7073a2f6 8d8d30faffff lea ecx,
[ebp+0xfffffa30] ss:00d8d370000000
7073a2fc 57 push edi
7073a2fd 51 push ecx

*----> Parcours arrière de la pile <----*

FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
00d8d940 70732a76 ffffffff 709700e9 000985e4 00000000
SHDOCVW!Ordinal104
00d8d96c 7077a898 000985e4 709700e8 00000027 00000000
SHDOCVW!Ordinal145
00d8d998 7097057d 000985e4 709700e8 00000027 00000000
SHDOCVW!DllCanUnloadNow
00d8d9d8 70970177 000985e4 000985d8 00000001 00000000
SHELL32!Ordinal186
00d8d9f0 70746385 000a2d98 00000001 00000000 000985d8
SHELL32!Ordinal163
00d8da08 70748582 00000001 00000001 000985d8 00000000
SHDOCVW!Ordinal161
00d8e250 707495a4 000985d8 000985d8 00d8e2a0 7073c343
SHDOCVW!Ordinal161
00d8e26c 707723a6 000985d8 707423a2 000985d8 000985dc
SHDOCVW!Ordinal161
00d8e2a0 70741ec6 016f00be 00095c48 00000000 00000000
SHDOCVW!Ordinal119
00d8e2c4 70741626 00095c48 00000000 00000000 00000000
SHDOCVW!Ordinal104
00d8e2ec 70741f6e 00095c48 00000000 00000000 000969f0
SHDOCVW!Ordinal104
00d8eb30 7075cdb8 00095c48 00000000 00000000 00d8fd30
SHDOCVW!Ordinal104
00d8fbb4 7077013a 00095c48 00000001 000985d8 70735103
SHDOCVW!DllGetClassObject
00d8fc34 707321a8 00430144 00000001 00000000 00d8fd30
SHDOCVW!Ordinal119
00d8fc6c 7077a3ef 00430144 00000001 00000000 00d8fd30
SHDOCVW!Ordinal145
00d8fc88 707320a2 00430144 00000001 00000000 00d8fd30
SHDOCVW!DllCanUnloadNow
00d8fcac 77e719d0 000985d8 00000001 00000000 00d8fd30
SHDOCVW!Ordinal145
00d8fcc4 77e76143 00446430 00000001 00000000 00d8fd30
user32!OffsetRect
00d8fcf8 77f863a3 00d8fd08 00000074 00000074 00000010
user32!GetSystemMenu
00d8fe2c 77e76362 80000100 7075c5a0 00000000 02cf0000
ntdll!KiUserCallbackDispatcher
00d8fe6c 7075c2bd 00000100 7075c5a0 00000000 02cf0000
user32!CreateWindowExA
00d8ff2c 7075c1dd 7075c5a0 00780065 006c0070 000969f0
SHDOCVW!DllGetClassObject
00d8ffb8 77f04ee8 000969f0 00780065 006c0070 000969f0
SHDOCVW!DllGetClassObject
00d8ffec 00000000 7075c1a1 000969f0 00000000 00000000
kernel32!lstrcmpiW
00000000 00000000 00000000 00000000 00000000 00000000
EXPLORER!<nosymbols>

*----> Vidage brut de la pile <----*
00d8c310 00 00 00 00 6c d3 d8 00 - f8 00 97 70 e0 30 73
70 ....l......p.0sp
00d8c320 e4 85 09 00 a4 1f fa 77 - 40 d8 fa 77 ff ff ff
ff
00d8c330 f4 c3 d8 00 0e 47 f7 77 - 90 08 07 00 6f 00 00
00 .....G.w....o...
00d8c340 10 9c 09 00 0e 00 07 80 - 00 00 00 00 18 79 09
00 .............y..
00d8c350 2c 79 09 00 00 00 00 00 - ff ff ff ff 20 c4 d8
00 ,y.......... ...
00d8c360 0e 47 f8 c4 d8 00 07 00 - 1c 00 fb 7f 6a 9c 09
00 .G..........j...
00d8c370 f0 c4 d8 00 c4 c4 d8 00 - e5 85 96 70 85 79 09
00 ...........p.y..
00d8c380 f0 c4 d8 00 00 00 00 00 - c5 85 96 70 45 79 09
00 ...........pEy..
00d8c390 f0 c4 d8 00 01 00 00 00 - f0 c4 d8 00 b4 84 96
70 ...............p
00d8c3a0 2c 79 09 00 f0 c4 d8 00 - 00 00 00 00 2e d2 d8
00 ,y..............
00d8c3b0 00 00 00 00 1c d2 d8 00 - 00 00 07 00 00 00 00
00 ................
00d8c3c0 b0 c3 d8 00 5c 00 57 00 - a8 ff d8 00 44 00 69
00 .....W.....D.i.
00d8c3d0 72 00 65 00 63 00 74 00 - 6f 00 72 00 79 00 00
00 r.e.c.t.o.r.y...
00d8c3e0 48 05 07 00 1a 00 00 00 - 78 00 00 00 00 00 00
00 H.......x.......
00d8c3f0 08 34 0a 00 18 c4 d8 00 - 8d 11 b2 77 01 00 00
00 .4.........w....
00d8c400 00 00 00 00 08 8c 09 00 - 3c 33 09 00 28 33 09
00 ........<3..(3..
00d8c410 65 4a 96 70 28 33 09 00 - 64 cd d8 00 00 00 00
00 eJ.p(3..d.......
00d8c420 6c 69 09 00 3c c9 d8 00 - 28 33 09 00 07 48 96
70 li..<...(3...H.p
00d8c430 28 33 09 00 00 00 00 00 - 6a 9c 09 00 00 00 00
00 (3......j.......
00d8c440 4d 40 96 70 00 00 00 00 - 10 9c 09 00 60 3c 96
70 `<.p

help:c'est que cet erreur

1 réponse

Veuillez sélectionner un problème